puppet 6.28.0-universal-darwin → 7.0.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +16 -2
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +5 -7
- data/Gemfile.lock +52 -131
- data/README.md +5 -5
- data/conf/fileserver.conf +5 -10
- data/ext/README.environment +8 -0
- data/ext/build_defaults.yaml +1 -1
- data/ext/dbfix.sql +132 -0
- data/ext/debian/README.Debian +8 -0
- data/ext/debian/README.source +2 -0
- data/ext/debian/TODO.Debian +1 -0
- data/ext/debian/changelog.erb +1122 -0
- data/ext/debian/compat +1 -0
- data/ext/debian/control +144 -0
- data/ext/debian/copyright +339 -0
- data/ext/debian/docs +1 -0
- data/ext/debian/fileserver.conf +41 -0
- data/ext/debian/puppet-common.dirs +13 -0
- data/ext/debian/puppet-common.install +3 -0
- data/ext/debian/puppet-common.lintian-overrides +5 -0
- data/ext/debian/puppet-common.manpages +28 -0
- data/ext/debian/puppet-common.postinst +35 -0
- data/ext/debian/puppet-common.postrm +33 -0
- data/ext/debian/puppet-el.dirs +1 -0
- data/ext/debian/puppet-el.emacsen-install +25 -0
- data/ext/debian/puppet-el.emacsen-remove +11 -0
- data/ext/debian/puppet-el.emacsen-startup +9 -0
- data/ext/debian/puppet-el.install +1 -0
- data/ext/debian/puppet-testsuite.install +2 -0
- data/ext/debian/puppet-testsuite.lintian-overrides +4 -0
- data/ext/debian/puppet.lintian-overrides +3 -0
- data/ext/debian/puppet.logrotate +20 -0
- data/ext/debian/puppet.postinst +20 -0
- data/ext/debian/puppet.postrm +20 -0
- data/ext/debian/puppet.preinst +20 -0
- data/ext/debian/puppetmaster-common.install +2 -0
- data/ext/debian/puppetmaster-common.manpages +2 -0
- data/ext/debian/puppetmaster-common.postinst +6 -0
- data/ext/debian/puppetmaster-passenger.dirs +4 -0
- data/ext/debian/puppetmaster-passenger.postinst +162 -0
- data/ext/debian/puppetmaster-passenger.postrm +61 -0
- data/ext/debian/puppetmaster.README.debian +17 -0
- data/ext/debian/puppetmaster.default +14 -0
- data/ext/debian/puppetmaster.init +137 -0
- data/ext/debian/puppetmaster.lintian-overrides +3 -0
- data/ext/debian/puppetmaster.postinst +20 -0
- data/ext/debian/puppetmaster.postrm +5 -0
- data/ext/debian/puppetmaster.preinst +22 -0
- data/ext/debian/rules +132 -0
- data/ext/debian/source/format +1 -0
- data/ext/debian/source/options +1 -0
- data/ext/debian/vim-puppet.README.Debian +13 -0
- data/ext/debian/vim-puppet.dirs +5 -0
- data/ext/debian/vim-puppet.yaml +7 -0
- data/ext/debian/watch +2 -0
- data/ext/freebsd/puppetd +26 -0
- data/ext/freebsd/puppetmasterd +26 -0
- data/ext/gentoo/conf.d/puppet +5 -0
- data/ext/gentoo/conf.d/puppetmaster +12 -0
- data/ext/gentoo/init.d/puppet +38 -0
- data/ext/gentoo/init.d/puppetmaster +51 -0
- data/ext/gentoo/puppet/fileserver.conf +41 -0
- data/ext/ips/puppet-agent +44 -0
- data/ext/ips/puppet-master +44 -0
- data/ext/ips/puppet.p5m.erb +12 -0
- data/ext/ips/puppetagent.xml +42 -0
- data/ext/ips/puppetmaster.xml +42 -0
- data/ext/ips/rules +19 -0
- data/ext/ips/transforms +34 -0
- data/ext/ldap/puppet.schema +24 -0
- data/ext/logcheck/puppet +23 -0
- data/{examples → ext}/nagios/check_puppet.rb +2 -2
- data/ext/osx/file_mapping.yaml +28 -0
- data/ext/osx/postflight.erb +109 -0
- data/ext/osx/preflight.erb +52 -0
- data/ext/osx/prototype.plist.erb +38 -0
- data/ext/osx/puppet.plist +0 -2
- data/ext/project_data.yaml +1 -15
- data/ext/redhat/fileserver.conf +41 -0
- data/ext/redhat/logrotate +21 -0
- data/ext/redhat/puppet.spec.erb +841 -0
- data/ext/redhat/server.init +128 -0
- data/ext/redhat/server.sysconfig +13 -0
- data/{examples/enc → ext}/regexp_nodes/classes/databases +0 -0
- data/{examples/enc → ext}/regexp_nodes/classes/webservers +0 -0
- data/{examples/enc → ext}/regexp_nodes/environment/development +0 -0
- data/{examples/enc → ext}/regexp_nodes/parameters/service/prod +0 -0
- data/{examples/enc → ext}/regexp_nodes/parameters/service/qa +0 -0
- data/{examples/enc → ext}/regexp_nodes/parameters/service/sandbox +0 -0
- data/{examples/enc → ext}/regexp_nodes/regexp_nodes.rb +0 -0
- data/ext/solaris/pkginfo +6 -0
- data/ext/solaris/smf/puppetd.xml +77 -0
- data/ext/solaris/smf/puppetmasterd.xml +77 -0
- data/ext/solaris/smf/svc-puppetd +71 -0
- data/ext/solaris/smf/svc-puppetmasterd +67 -0
- data/ext/suse/puppet.spec +310 -0
- data/ext/suse/server.init +173 -0
- data/ext/windows/service/daemon.rb +6 -5
- data/ext/yaml_nodes.rb +105 -0
- data/install.rb +21 -17
- data/lib/puppet/agent.rb +11 -47
- data/lib/puppet/application/agent.rb +16 -18
- data/lib/puppet/application/apply.rb +4 -24
- data/lib/puppet/application/device.rb +100 -106
- data/lib/puppet/application/filebucket.rb +13 -10
- data/lib/puppet/application/lookup.rb +24 -74
- data/lib/puppet/application/resource.rb +16 -32
- data/lib/puppet/application/script.rb +0 -2
- data/lib/puppet/application/ssl.rb +1 -13
- data/lib/puppet/application.rb +178 -108
- data/lib/puppet/application_support.rb +0 -7
- data/lib/puppet/concurrent/thread_local_singleton.rb +3 -6
- data/lib/puppet/configurer/downloader.rb +1 -2
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/configurer.rb +86 -183
- data/lib/puppet/confine/variable.rb +1 -1
- data/lib/puppet/defaults.rb +130 -244
- data/lib/puppet/environments.rb +82 -146
- data/lib/puppet/face/facts.rb +5 -103
- data/lib/puppet/face/generate.rb +0 -2
- data/lib/puppet/face/help/action.erb +0 -1
- data/lib/puppet/face/help/face.erb +0 -1
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/node/clean.rb +0 -11
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/file_serving/configuration/parser.rb +3 -34
- data/lib/puppet/file_serving/configuration.rb +0 -8
- data/lib/puppet/file_serving/fileset.rb +2 -14
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/metadata.rb +0 -3
- data/lib/puppet/file_serving/mount/file.rb +4 -4
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_system/file_impl.rb +8 -10
- data/lib/puppet/file_system/jruby.rb +1 -1
- data/lib/puppet/file_system/memory_file.rb +1 -8
- data/lib/puppet/file_system/windows.rb +6 -8
- data/lib/puppet/file_system.rb +1 -1
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/forge.rb +4 -4
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +0 -8
- data/lib/puppet/functions/find_template.rb +2 -2
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +5 -13
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/next.rb +1 -18
- data/lib/puppet/functions/partition.rb +4 -12
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +0 -1
- data/lib/puppet/functions/tree_each.rb +10 -7
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +2 -17
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/functions/versioncmp.rb +2 -6
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/generate/type.rb +0 -9
- data/lib/puppet/http/client.rb +167 -137
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -15
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -17
- data/lib/puppet/http/resolver/server_list.rb +10 -25
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +23 -144
- data/lib/puppet/http/service/file_server.rb +19 -29
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/indirector/catalog/compiler.rb +6 -25
- data/lib/puppet/indirector/catalog/rest.rb +2 -5
- data/lib/puppet/indirector/facts/facter.rb +6 -6
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/resource/ral.rb +1 -6
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/indirector/terminus.rb +0 -4
- data/lib/puppet/interface/documentation.rb +0 -1
- data/lib/puppet/module/plan.rb +1 -0
- data/lib/puppet/module/task.rb +1 -1
- data/lib/puppet/module.rb +0 -1
- data/lib/puppet/module_tool/applications/installer.rb +2 -56
- data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
- data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/errors/shared.rb +2 -34
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +0 -67
- data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node/environment.rb +11 -10
- data/lib/puppet/node.rb +2 -31
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +4 -2
- data/lib/puppet/parser/ast/leaf.rb +2 -3
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
- data/lib/puppet/parser/resource.rb +1 -70
- data/lib/puppet/parser/scope.rb +0 -1
- data/lib/puppet/parser/templatewrapper.rb +1 -2
- data/lib/puppet/pops/evaluator/closure.rb +5 -7
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -4
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/lookup/lookup_adapter.rb +2 -3
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -291
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +1 -47
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/code_merger.rb +4 -4
- data/lib/puppet/pops/parser/egrammar.ra +0 -58
- data/lib/puppet/pops/parser/eparser.rb +1685 -1896
- data/lib/puppet/pops/parser/lexer2.rb +91 -92
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/parser/slurp_support.rb +0 -1
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
- data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
- data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_formatter.rb +3 -4
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +1 -2
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/property/list.rb +1 -1
- data/lib/puppet/provider/aix_object.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +4 -16
- data/lib/puppet/provider/group/groupadd.rb +10 -18
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +2 -34
- data/lib/puppet/provider/package/aptitude.rb +0 -6
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/nim.rb +6 -11
- data/lib/puppet/provider/package/pip.rb +3 -16
- data/lib/puppet/provider/package/pkg.rb +2 -23
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/package/puppetserver_gem.rb +17 -8
- data/lib/puppet/provider/package/windows/exe_package.rb +1 -30
- data/lib/puppet/provider/package/windows/package.rb +1 -2
- data/lib/puppet/provider/package/windows.rb +1 -14
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/parsedfile.rb +0 -3
- data/lib/puppet/provider/service/base.rb +1 -1
- data/lib/puppet/provider/service/debian.rb +0 -2
- data/lib/puppet/provider/service/init.rb +9 -10
- data/lib/puppet/provider/service/launchd.rb +2 -2
- data/lib/puppet/provider/service/redhat.rb +1 -1
- data/lib/puppet/provider/service/smf.rb +194 -76
- data/lib/puppet/provider/service/systemd.rb +6 -16
- data/lib/puppet/provider/service/upstart.rb +5 -5
- data/lib/puppet/provider/service/windows.rb +0 -38
- data/lib/puppet/provider/user/aix.rb +3 -46
- data/lib/puppet/provider/user/directoryservice.rb +11 -39
- data/lib/puppet/provider/user/useradd.rb +24 -134
- data/lib/puppet/provider.rb +1 -14
- data/lib/puppet/reference/configuration.rb +8 -7
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/reference/providers.rb +2 -2
- data/lib/puppet/resource/catalog.rb +2 -15
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -49
- data/lib/puppet/resource.rb +6 -127
- data/lib/puppet/runtime.rb +2 -13
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/settings.rb +82 -98
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +36 -75
- data/lib/puppet/ssl/state_machine.rb +20 -14
- data/lib/puppet/ssl/verifier.rb +2 -6
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/test/test_helper.rb +2 -7
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/transaction/persistence.rb +1 -21
- data/lib/puppet/transaction/report.rb +3 -19
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/type/exec.rb +6 -36
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/data_sync.rb +1 -1
- data/lib/puppet/type/file/mode.rb +0 -6
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/file.rb +12 -32
- data/lib/puppet/type/filebucket.rb +4 -4
- data/lib/puppet/type/group.rb +1 -0
- data/lib/puppet/type/package.rb +8 -16
- data/lib/puppet/type/resources.rb +1 -1
- data/lib/puppet/type/service.rb +41 -26
- data/lib/puppet/type/tidy.rb +3 -22
- data/lib/puppet/type/user.rb +13 -35
- data/lib/puppet/type.rb +1 -77
- data/lib/puppet/util/autoload.rb +8 -1
- data/lib/puppet/util/command_line.rb +1 -1
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/filetype.rb +2 -2
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/json.rb +0 -20
- data/lib/puppet/util/log.rb +4 -8
- data/lib/puppet/util/logging.rb +25 -1
- data/lib/puppet/util/monkey_patches.rb +2 -59
- data/lib/puppet/util/package.rb +16 -25
- data/lib/puppet/util/pidlock.rb +1 -1
- data/lib/puppet/util/posix.rb +5 -54
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/selinux.rb +4 -30
- data/lib/puppet/util/suidmanager.rb +2 -1
- data/lib/puppet/util/symbolic_file_mode.rb +17 -29
- data/lib/puppet/util/tagging.rb +0 -1
- data/lib/puppet/util/windows/adsi.rb +0 -46
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +2 -9
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +11 -457
- data/lib/puppet/util/windows/sid.rb +2 -6
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/windows/user.rb +2 -0
- data/lib/puppet/util/windows.rb +3 -11
- data/lib/puppet/util/yaml.rb +1 -42
- data/lib/puppet/util.rb +5 -5
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet.rb +34 -27
- data/locales/puppet.pot +9633 -5
- data/man/man5/puppet.conf.5 +286 -401
- data/man/man8/puppet-agent.8 +2 -5
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +8 -51
- data/man/man8/puppet-filebucket.8 +4 -4
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +6 -9
- data/man/man8/puppet-module.8 +3 -60
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +1 -5
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
- data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/ca.pem +35 -57
- data/spec/fixtures/ssl/crl.pem +18 -28
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +24 -33
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +58 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
- data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
- data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
- data/spec/fixtures/ssl/intermediate.pem +36 -57
- data/spec/fixtures/ssl/pluto-key.pem +57 -107
- data/spec/fixtures/ssl/pluto.pem +30 -52
- data/spec/fixtures/ssl/request-key.pem +57 -107
- data/spec/fixtures/ssl/request.pem +26 -47
- data/spec/fixtures/ssl/revoked-key.pem +57 -107
- data/spec/fixtures/ssl/revoked.pem +30 -52
- data/spec/fixtures/ssl/signed-key.pem +57 -107
- data/spec/fixtures/ssl/signed.pem +30 -52
- data/spec/fixtures/ssl/tampered-cert.pem +30 -52
- data/spec/fixtures/ssl/tampered-csr.pem +26 -47
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
- data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-ca.pem +33 -55
- data/spec/fixtures/unit/forge/bacula.json +1 -1
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
- data/spec/integration/application/agent_spec.rb +50 -406
- data/spec/integration/application/apply_spec.rb +1 -20
- data/spec/integration/application/filebucket_spec.rb +16 -32
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/lookup_spec.rb +50 -81
- data/spec/integration/application/module_spec.rb +0 -21
- data/spec/integration/application/plugin_spec.rb +24 -2
- data/spec/integration/configurer_spec.rb +2 -18
- data/spec/integration/defaults_spec.rb +14 -3
- data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
- data/spec/integration/http/client_spec.rb +4 -63
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
- data/spec/integration/indirector/facts/facter_spec.rb +39 -93
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -47
- data/spec/integration/resource/type_collection_spec.rb +6 -2
- data/spec/integration/transaction/report_spec.rb +1 -1
- data/spec/integration/transaction_spec.rb +9 -4
- data/spec/integration/type/exec_spec.rb +45 -70
- data/spec/integration/type/file_spec.rb +7 -6
- data/spec/integration/type/package_spec.rb +6 -6
- data/spec/integration/util/rdoc/parser_spec.rb +1 -1
- data/spec/integration/util/windows/adsi_spec.rb +1 -21
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/principal_spec.rb +0 -21
- data/spec/integration/util/windows/process_spec.rb +9 -1
- data/spec/integration/util/windows/registry_spec.rb +10 -6
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/matchers/include.rb +27 -0
- data/spec/lib/matchers/include_spec.rb +32 -0
- data/spec/lib/puppet/test_ca.rb +2 -7
- data/spec/lib/puppet_spec/https.rb +1 -1
- data/spec/lib/puppet_spec/modules.rb +2 -13
- data/spec/lib/puppet_spec/puppetserver.rb +3 -55
- data/spec/lib/puppet_spec/settings.rb +1 -1
- data/spec/shared_behaviours/documentation_on_faces.rb +2 -0
- data/spec/spec_helper.rb +17 -13
- data/spec/unit/agent_spec.rb +8 -38
- data/spec/unit/application/agent_spec.rb +19 -33
- data/spec/unit/application/apply_spec.rb +56 -76
- data/spec/unit/application/facts_spec.rb +12 -456
- data/spec/unit/application/filebucket_spec.rb +43 -39
- data/spec/unit/application/lookup_spec.rb +10 -131
- data/spec/unit/application/resource_spec.rb +0 -29
- data/spec/unit/application/ssl_spec.rb +2 -25
- data/spec/unit/application_spec.rb +9 -51
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -8
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +68 -327
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +2 -8
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/daemon_spec.rb +11 -2
- data/spec/unit/defaults_spec.rb +68 -55
- data/spec/unit/environments_spec.rb +68 -408
- data/spec/unit/face/generate_spec.rb +0 -64
- data/spec/unit/face/node_spec.rb +11 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +15 -41
- data/spec/unit/file_serving/configuration_spec.rb +10 -26
- data/spec/unit/file_serving/fileset_spec.rb +0 -60
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
- data/spec/unit/file_system_spec.rb +4 -56
- data/spec/unit/forge/module_release_spec.rb +10 -5
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +0 -10
- data/spec/unit/functions/logging_spec.rb +0 -1
- data/spec/unit/functions/lookup_spec.rb +0 -64
- data/spec/unit/functions/unwrap_spec.rb +0 -8
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/functions/versioncmp_spec.rb +4 -40
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +0 -12
- data/spec/unit/http/client_spec.rb +8 -84
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +0 -193
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/compiler_spec.rb +10 -101
- data/spec/unit/indirector/catalog/rest_spec.rb +0 -8
- data/spec/unit/indirector/face_spec.rb +1 -0
- data/spec/unit/indirector/facts/facter_spec.rb +3 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/indirection_spec.rb +15 -18
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/resource/ral_spec.rb +75 -40
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector/store_configs_spec.rb +7 -0
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/interface/action_spec.rb +9 -0
- data/spec/unit/module_spec.rb +1 -15
- data/spec/unit/module_tool/applications/installer_spec.rb +0 -105
- data/spec/unit/network/authconfig_spec.rb +2 -129
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -51
- data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -60
- data/spec/unit/parser/compiler_spec.rb +19 -3
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
- data/spec/unit/parser/resource_spec.rb +8 -14
- data/spec/unit/parser/templatewrapper_spec.rb +5 -16
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_containers_spec.rb +13 -2
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/serialization/to_stringified_spec.rb +0 -5
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -12
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -51
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/property_spec.rb +0 -1
- data/spec/unit/provider/group/groupadd_spec.rb +2 -5
- data/spec/unit/provider/nameservice_spec.rb +64 -122
- data/spec/unit/provider/package/apt_spec.rb +23 -28
- data/spec/unit/provider/package/aptitude_spec.rb +1 -1
- data/spec/unit/provider/package/base_spec.rb +5 -6
- data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +33 -1
- data/spec/unit/provider/package/nim_spec.rb +0 -42
- data/spec/unit/provider/package/pacman_spec.rb +12 -18
- data/spec/unit/provider/package/pip2_spec.rb +1 -1
- data/spec/unit/provider/package/pip3_spec.rb +1 -1
- data/spec/unit/provider/package/pip_spec.rb +12 -44
- data/spec/unit/provider/package/pkg_spec.rb +4 -29
- data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +4 -3
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +3 -3
- data/spec/unit/provider/package/windows/exe_package_spec.rb +0 -17
- data/spec/unit/provider/parsedfile_spec.rb +0 -10
- data/spec/unit/provider/service/gentoo_spec.rb +5 -6
- data/spec/unit/provider/service/init_spec.rb +9 -16
- data/spec/unit/provider/service/launchd_spec.rb +0 -11
- data/spec/unit/provider/service/openwrt_spec.rb +29 -23
- data/spec/unit/provider/service/redhat_spec.rb +2 -3
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/systemd_spec.rb +9 -54
- data/spec/unit/provider/service/windows_spec.rb +0 -203
- data/spec/unit/provider/user/aix_spec.rb +0 -105
- data/spec/unit/provider/user/directoryservice_spec.rb +36 -68
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider/user/pw_spec.rb +0 -2
- data/spec/unit/provider/user/useradd_spec.rb +5 -114
- data/spec/unit/provider_spec.rb +12 -22
- data/spec/unit/puppet_spec.rb +4 -12
- data/spec/unit/resource/catalog_spec.rb +2 -15
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +12 -125
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +79 -110
- data/spec/unit/ssl/base_spec.rb +37 -3
- data/spec/unit/ssl/certificate_request_spec.rb +21 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +3 -80
- data/spec/unit/ssl/state_machine_spec.rb +5 -21
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
- data/spec/unit/transaction/event_manager_spec.rb +11 -14
- data/spec/unit/transaction/persistence_spec.rb +0 -51
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +55 -96
- data/spec/unit/type/exec_spec.rb +29 -76
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +2 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/selinux_spec.rb +5 -3
- data/spec/unit/type/file/source_spec.rb +4 -5
- data/spec/unit/type/file_spec.rb +18 -6
- data/spec/unit/type/group_spec.rb +6 -13
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +189 -87
- data/spec/unit/type/tidy_spec.rb +8 -24
- data/spec/unit/type_spec.rb +24 -4
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +1 -5
- data/spec/unit/util/backups_spec.rb +2 -3
- data/spec/unit/util/execution_spec.rb +11 -44
- data/spec/unit/util/inifile_spec.rb +14 -6
- data/spec/unit/util/log_spec.rb +7 -8
- data/spec/unit/util/logging_spec.rb +3 -5
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/posix_spec.rb +15 -363
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/selinux_spec.rb +68 -163
- data/spec/unit/util/storage_spec.rb +1 -3
- data/spec/unit/util/suidmanager_spec.rb +41 -44
- data/spec/unit/util/windows/sid_spec.rb +0 -41
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +13 -92
- data/spec/unit/util_spec.rb +6 -31
- data/tasks/generate_cert_fixtures.rake +7 -17
- data/tasks/parallel.rake +3 -3
- metadata +138 -233
- data/conf/auth.conf +0 -150
- data/ext/README.md +0 -13
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/facter_impl.rb +0 -96
- data/lib/puppet/ffi/posix/constants.rb +0 -14
- data/lib/puppet/ffi/posix/functions.rb +0 -24
- data/lib/puppet/ffi/posix.rb +0 -10
- data/lib/puppet/file_serving/mount/scripts.rb +0 -24
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/settings/alias_setting.rb +0 -37
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/fact_dif.rb +0 -81
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -92
- data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +0 -3
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +0 -4
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +0 -3
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +0 -8
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +0 -25
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +0 -19
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +0 -20
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +0 -8
- data/spec/fixtures/ssl/oid-key.pem +0 -117
- data/spec/fixtures/ssl/oid.pem +0 -69
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
- data/spec/integration/application/resource_spec.rb +0 -68
- data/spec/integration/application/ssl_spec.rb +0 -20
- data/spec/integration/l10n/compiler_spec.rb +0 -37
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/shared_contexts/l10n.rb +0 -32
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/concurrent/thread_local_singleton_spec.rb +0 -39
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/facter_impl_spec.rb +0 -31
- data/spec/unit/file_serving/mount/scripts_spec.rb +0 -69
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -78
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -407
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -148
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -645
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/json_spec.rb +0 -126
- data/spec/unit/util/ssl_spec.rb +0 -91
- data/spec/unit/util/windows_spec.rb +0 -23
data/man/man5/puppet.conf.5
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPETCONF" "5" "
|
4
|
+
.TH "PUPPETCONF" "5" "November 2020" "Puppet, Inc." "Puppet manual"
|
5
5
|
\fBThis page is autogenerated; any changes will get overwritten\fR
|
6
6
|
.
|
7
7
|
.SH "Configuration settings"
|
@@ -10,7 +10,7 @@
|
|
10
10
|
Each of these settings can be specified in \fBpuppet\.conf\fR or on the command line\.
|
11
11
|
.
|
12
12
|
.IP "\(bu" 4
|
13
|
-
Puppet Enterprise (PE) and open source Puppet share the configuration settings documented here\. However, PE defaults differ from open source defaults
|
13
|
+
Puppet Enterprise (PE) and open source Puppet share the configuration settings that are documented here\. However, PE defaults for some settings differ from the open source Puppet defaults\. Some examples of settings that have different PE defaults include \fBdisable18n\fR, \fBenvironment_timeout\fR, \fBalways_retry_plugins\fR, and the Puppet Server JRuby \fBmax\-active\-instances\fR setting\. To verify PE configuration defaults, check the \fBpuppet\.conf\fR file after installation\.
|
14
14
|
.
|
15
15
|
.IP "\(bu" 4
|
16
16
|
When using boolean settings on the command line, use \fB\-\-setting\fR and \fB\-\-no\-setting\fR instead of \fB\-\-setting (true|false)\fR\. (Using \fB\-\-setting false\fR results in "Error: Could not parse application options: needless argument"\.)
|
@@ -42,7 +42,7 @@ See the configuration guide \fIhttps://puppet\.com/docs/puppet/latest/config_abo
|
|
42
42
|
A lock file to indicate that a puppet agent catalog run is currently in progress\. The file contains the pid of the process that holds the lock on the catalog run\.
|
43
43
|
.
|
44
44
|
.IP "\(bu" 4
|
45
|
-
\fIDefault\fR:
|
45
|
+
\fIDefault\fR: $statedir/agent_catalog_run\.lock
|
46
46
|
.
|
47
47
|
.IP "" 0
|
48
48
|
.
|
@@ -50,7 +50,7 @@ A lock file to indicate that a puppet agent catalog run is currently in progress
|
|
50
50
|
A lock file to indicate that puppet agent runs have been administratively disabled\. File contains a JSON object with state information\.
|
51
51
|
.
|
52
52
|
.IP "\(bu" 4
|
53
|
-
\fIDefault\fR:
|
53
|
+
\fIDefault\fR: $statedir/agent_disabled\.lock
|
54
54
|
.
|
55
55
|
.IP "" 0
|
56
56
|
.
|
@@ -58,7 +58,7 @@ A lock file to indicate that puppet agent runs have been administratively disabl
|
|
58
58
|
Whether to allow a new certificate request to overwrite an existing certificate request\. If true, then the old certificate must be cleaned using \fBpuppetserver ca clean\fR, and the new request signed using \fBpuppetserver ca sign\fR\.
|
59
59
|
.
|
60
60
|
.IP "\(bu" 4
|
61
|
-
\fIDefault\fR:
|
61
|
+
\fIDefault\fR: false
|
62
62
|
.
|
63
63
|
.IP "" 0
|
64
64
|
.
|
@@ -69,7 +69,7 @@ Affects how we cache attempts to load Puppet resource types and features\. If tr
|
|
69
69
|
If this setting is set to false, then types and features will only be checked once, and if they are not available, the negative result is cached and returned for all subsequent attempts to load the type or feature\. This behavior is almost always appropriate for the server, and can result in a significant performance improvement for types and features that are checked frequently\.
|
70
70
|
.
|
71
71
|
.IP "\(bu" 4
|
72
|
-
\fIDefault\fR:
|
72
|
+
\fIDefault\fR: true
|
73
73
|
.
|
74
74
|
.IP "" 0
|
75
75
|
.
|
@@ -77,12 +77,12 @@ If this setting is set to false, then types and features will only be checked on
|
|
77
77
|
Whether log files should always flush to disk\.
|
78
78
|
.
|
79
79
|
.IP "\(bu" 4
|
80
|
-
\fIDefault\fR:
|
80
|
+
\fIDefault\fR: true
|
81
81
|
.
|
82
82
|
.IP "" 0
|
83
83
|
.
|
84
84
|
.SS "autosign"
|
85
|
-
Whether (and how) to autosign certificate requests\. This setting is only relevant on a
|
85
|
+
Whether (and how) to autosign certificate requests\. This setting is only relevant on a puppet master acting as a certificate authority (CA)\.
|
86
86
|
.
|
87
87
|
.P
|
88
88
|
Valid values are true (autosigns all certificate requests; not recommended), false (disables autosigning certificates), or the absolute path to a file\.
|
@@ -91,7 +91,7 @@ Valid values are true (autosigns all certificate requests; not recommended), fal
|
|
91
91
|
The file specified in this setting may be either a \fBconfiguration file\fR or a \fBcustom policy executable\.\fR Puppet will automatically determine what it is: If the Puppet user (see the \fBuser\fR setting) can execute the file, it will be treated as a policy executable; otherwise, it will be treated as a config file\.
|
92
92
|
.
|
93
93
|
.P
|
94
|
-
If a custom policy executable is configured, the CA
|
94
|
+
If a custom policy executable is configured, the CA puppet master will run it every time it receives a CSR\. The executable will be passed the subject CN of the request \fIas a command line argument,\fR and the contents of the CSR in PEM format \fIon stdin\.\fR It should exit with a status of 0 if the cert should be autosigned and non\-zero if the cert should not be autosigned\.
|
95
95
|
.
|
96
96
|
.P
|
97
97
|
If a certificate request is not autosigned, it will persist for review\. An admin user can use the \fBpuppetserver ca sign\fR command to manually sign it, or can delete the request\.
|
@@ -100,7 +100,7 @@ If a certificate request is not autosigned, it will persist for review\. An admi
|
|
100
100
|
For info on autosign configuration files, see the guide to Puppet\'s config files \fIhttps://puppet\.com/docs/puppet/latest/config_file_autosign\.html\fR\.
|
101
101
|
.
|
102
102
|
.IP "\(bu" 4
|
103
|
-
\fIDefault\fR:
|
103
|
+
\fIDefault\fR: $confdir/autosign\.conf
|
104
104
|
.
|
105
105
|
.IP "" 0
|
106
106
|
.
|
@@ -111,39 +111,37 @@ The search path for \fBglobal\fR modules\. Should be specified as a list of dire
|
|
111
111
|
These are the modules that will be used by \fIall\fR environments\. Note that the \fBmodules\fR directory of the active environment will have priority over any global directories\. For more info, see \fIhttps://puppet\.com/docs/puppet/latest/environments_about\.html\fR
|
112
112
|
.
|
113
113
|
.IP "\(bu" 4
|
114
|
-
\fIDefault\fR:
|
114
|
+
\fIDefault\fR: $codedir/modules:/opt/puppetlabs/puppet/modules
|
115
115
|
.
|
116
116
|
.IP "" 0
|
117
117
|
.
|
118
118
|
.SS "binder_config"
|
119
119
|
The binder configuration file\. Puppet reads this file on each request to configure the bindings system\. If set to nil (the default), a $confdir/binder_config\.yaml is optionally loaded\. If it does not exists, a default configuration is used\. If the setting :binding_config is specified, it must reference a valid and existing yaml file\.
|
120
120
|
.
|
121
|
-
.
|
122
|
-
\fIDefault\fR:
|
123
|
-
|
124
|
-
.IP "" 0
|
121
|
+
.TP
|
122
|
+
\fIDefault\fR:
|
123
|
+
|
125
124
|
.
|
126
125
|
.SS "bucketdir"
|
127
126
|
Where FileBucket files are stored\.
|
128
127
|
.
|
129
128
|
.IP "\(bu" 4
|
130
|
-
\fIDefault\fR:
|
129
|
+
\fIDefault\fR: $vardir/bucket
|
131
130
|
.
|
132
131
|
.IP "" 0
|
133
132
|
.
|
134
133
|
.SS "ca_fingerprint"
|
135
134
|
The expected fingerprint of the CA certificate\. If specified, the agent will compare the CA certificate fingerprint that it downloads against this value and reject the CA certificate if the values do not match\. This only applies during the first download of the CA certificate\.
|
136
135
|
.
|
137
|
-
.
|
138
|
-
\fIDefault\fR:
|
139
|
-
|
140
|
-
.IP "" 0
|
136
|
+
.TP
|
137
|
+
\fIDefault\fR:
|
138
|
+
|
141
139
|
.
|
142
140
|
.SS "ca_name"
|
143
141
|
The name to use the Certificate Authority certificate\.
|
144
142
|
.
|
145
143
|
.IP "\(bu" 4
|
146
|
-
\fIDefault\fR:
|
144
|
+
\fIDefault\fR: Puppet CA: $certname
|
147
145
|
.
|
148
146
|
.IP "" 0
|
149
147
|
.
|
@@ -151,7 +149,7 @@ The name to use the Certificate Authority certificate\.
|
|
151
149
|
The port to use for the certificate authority\.
|
152
150
|
.
|
153
151
|
.IP "\(bu" 4
|
154
|
-
\fIDefault\fR:
|
152
|
+
\fIDefault\fR: $serverport
|
155
153
|
.
|
156
154
|
.IP "" 0
|
157
155
|
.
|
@@ -159,7 +157,7 @@ The port to use for the certificate authority\.
|
|
159
157
|
The server to use for certificate authority requests\. It\'s a separate server because it cannot and does not need to horizontally scale\.
|
160
158
|
.
|
161
159
|
.IP "\(bu" 4
|
162
|
-
\fIDefault\fR:
|
160
|
+
\fIDefault\fR: $server
|
163
161
|
.
|
164
162
|
.IP "" 0
|
165
163
|
.
|
@@ -167,7 +165,7 @@ The server to use for certificate authority requests\. It\'s a separate server b
|
|
167
165
|
The default TTL for new certificates\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
|
168
166
|
.
|
169
167
|
.IP "\(bu" 4
|
170
|
-
\fIDefault\fR:
|
168
|
+
\fIDefault\fR: 5y
|
171
169
|
.
|
172
170
|
.IP "" 0
|
173
171
|
.
|
@@ -175,7 +173,7 @@ The default TTL for new certificates\. This setting can be a time interval in se
|
|
175
173
|
The CA certificate\.
|
176
174
|
.
|
177
175
|
.IP "\(bu" 4
|
178
|
-
\fIDefault\fR:
|
176
|
+
\fIDefault\fR: $cadir/ca_crt\.pem
|
179
177
|
.
|
180
178
|
.IP "" 0
|
181
179
|
.
|
@@ -183,7 +181,7 @@ The CA certificate\.
|
|
183
181
|
The certificate revocation list (CRL) for the CA\.
|
184
182
|
.
|
185
183
|
.IP "\(bu" 4
|
186
|
-
\fIDefault\fR:
|
184
|
+
\fIDefault\fR: $cadir/ca_crl\.pem
|
187
185
|
.
|
188
186
|
.IP "" 0
|
189
187
|
.
|
@@ -191,7 +189,7 @@ The certificate revocation list (CRL) for the CA\.
|
|
191
189
|
The root directory for the certificate authority\.
|
192
190
|
.
|
193
191
|
.IP "\(bu" 4
|
194
|
-
\fIDefault\fR:
|
192
|
+
\fIDefault\fR: /etc/puppetlabs/puppetserver/ca
|
195
193
|
.
|
196
194
|
.IP "" 0
|
197
195
|
.
|
@@ -199,7 +197,7 @@ The root directory for the certificate authority\.
|
|
199
197
|
The CA private key\.
|
200
198
|
.
|
201
199
|
.IP "\(bu" 4
|
202
|
-
\fIDefault\fR:
|
200
|
+
\fIDefault\fR: $cadir/ca_key\.pem
|
203
201
|
.
|
204
202
|
.IP "" 0
|
205
203
|
.
|
@@ -207,23 +205,22 @@ The CA private key\.
|
|
207
205
|
The CA public key\.
|
208
206
|
.
|
209
207
|
.IP "\(bu" 4
|
210
|
-
\fIDefault\fR:
|
208
|
+
\fIDefault\fR: $cadir/ca_pub\.pem
|
211
209
|
.
|
212
210
|
.IP "" 0
|
213
211
|
.
|
214
212
|
.SS "catalog_cache_terminus"
|
215
213
|
How to store cached catalogs\. Valid values are \'json\', \'msgpack\' and \'yaml\'\. The agent application defaults to \'json\'\.
|
216
214
|
.
|
217
|
-
.
|
218
|
-
\fIDefault\fR:
|
219
|
-
|
220
|
-
.IP "" 0
|
215
|
+
.TP
|
216
|
+
\fIDefault\fR:
|
217
|
+
|
221
218
|
.
|
222
219
|
.SS "catalog_terminus"
|
223
220
|
Where to get node catalogs\. This is useful to change if, for instance, you\'d like to pre\-compile catalogs and store them in memcached or some other easily\-accessed store\.
|
224
221
|
.
|
225
222
|
.IP "\(bu" 4
|
226
|
-
\fIDefault\fR:
|
223
|
+
\fIDefault\fR: compiler
|
227
224
|
.
|
228
225
|
.IP "" 0
|
229
226
|
.
|
@@ -231,7 +228,7 @@ Where to get node catalogs\. This is useful to change if, for instance, you\'d l
|
|
231
228
|
The inventory file\. This is a text file to which the CA writes a complete listing of all certificates\.
|
232
229
|
.
|
233
230
|
.IP "\(bu" 4
|
234
|
-
\fIDefault\fR:
|
231
|
+
\fIDefault\fR: $cadir/inventory\.txt
|
235
232
|
.
|
236
233
|
.IP "" 0
|
237
234
|
.
|
@@ -239,7 +236,7 @@ The inventory file\. This is a text file to which the CA writes a complete listi
|
|
239
236
|
The certificate directory\.
|
240
237
|
.
|
241
238
|
.IP "\(bu" 4
|
242
|
-
\fIDefault\fR:
|
239
|
+
\fIDefault\fR: $ssldir/certs
|
243
240
|
.
|
244
241
|
.IP "" 0
|
245
242
|
.
|
@@ -259,15 +256,15 @@ When certificate_revocation is set to \'leaf\', Puppet verifies certs against th
|
|
259
256
|
When certificate_revocation is set to \'false\', Puppet disables all certificate revocation checking and does not attempt to download the CRL\.
|
260
257
|
.
|
261
258
|
.IP "\(bu" 4
|
262
|
-
\fIDefault\fR:
|
259
|
+
\fIDefault\fR: chain
|
263
260
|
.
|
264
261
|
.IP "" 0
|
265
262
|
.
|
266
263
|
.SS "certname"
|
267
|
-
The name to use when handling certificates\. When a node requests a certificate from the CA
|
264
|
+
The name to use when handling certificates\. When a node requests a certificate from the CA puppet master, it uses the value of the \fBcertname\fR setting as its requested Subject CN\.
|
268
265
|
.
|
269
266
|
.P
|
270
|
-
This is the name used when managing a node\'s permissions in auth\.conf \fIhttps://puppet\.com/docs/
|
267
|
+
This is the name used when managing a node\'s permissions in Puppet Server\'s auth\.conf \fIhttps://puppet\.com/docs/puppetserver/latest/config_file_auth\.html\fR\. In most cases, it is also used as the node\'s name when matching node definitions \fIhttps://puppet\.com/docs/puppet/latest/lang_node_definitions\.html\fR and requesting data from an ENC\. (This can be changed with the \fBnode_name_value\fR and \fBnode_name_fact\fR settings, although you should only do so if you have a compelling reason\.)
|
271
268
|
.
|
272
269
|
.P
|
273
270
|
A node\'s certname is available in Puppet manifests as \fB$trusted[\'certname\']\fR\. (See Facts and Built\-In Variables \fIhttps://puppet\.com/docs/puppet/latest/lang_facts_and_builtin_vars\.html\fR for more details\.)
|
@@ -279,7 +276,7 @@ For best compatibility, you should limit the value of \fBcertname\fR to only use
|
|
279
276
|
The special value \fBca\fR is reserved, and can\'t be used as the certname for a normal node\.
|
280
277
|
.
|
281
278
|
.IP
|
282
|
-
\fBNote:\fR You must set the certname
|
279
|
+
\fBNote:\fR You must set the certname in the main section of the puppet\.conf file\. Setting it in a different section causes errors\.
|
283
280
|
.
|
284
281
|
.IP "" 0
|
285
282
|
.
|
@@ -287,15 +284,7 @@ The special value \fBca\fR is reserved, and can\'t be used as the certname for a
|
|
287
284
|
Defaults to the node\'s fully qualified domain name\.
|
288
285
|
.
|
289
286
|
.IP "\(bu" 4
|
290
|
-
\fIDefault\fR:
|
291
|
-
.
|
292
|
-
.IP "" 0
|
293
|
-
.
|
294
|
-
.SS "ciphers"
|
295
|
-
The list of ciphersuites for TLS connections initiated by puppet\. The default value is chosen to support TLS 1\.0 and up, but can be made more restrictive if needed\. The ciphersuites must be specified in OpenSSL format, not IANA\.
|
296
|
-
.
|
297
|
-
.IP "\(bu" 4
|
298
|
-
\fIDefault\fR: \fBECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-CHACHA20\-POLY1305:ECDHE\-RSA\-CHACHA20\-POLY1305:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384:DHE\-RSA\-CHACHA20\-POLY1305:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256:ECDHE\-ECDSA\-AES128\-SHA:ECDHE\-RSA\-AES128\-SHA:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES256\-SHA:ECDHE\-RSA\-AES256\-SHA:DHE\-RSA\-AES128\-SHA256:DHE\-RSA\-AES256\-SHA256:AES128\-GCM\-SHA256:AES256\-GCM\-SHA384:AES128\-SHA256:AES256\-SHA256\fR
|
287
|
+
\fIDefault\fR: the Host\'s fully qualified domain name, as determined by Facter
|
299
288
|
.
|
300
289
|
.IP "" 0
|
301
290
|
.
|
@@ -303,7 +292,7 @@ The list of ciphersuites for TLS connections initiated by puppet\. The default v
|
|
303
292
|
The file in which puppet agent stores a list of the classes associated with the retrieved configuration\. Can be loaded in the separate \fBpuppet\fR executable using the \fB\-\-loadclasses\fR option\.
|
304
293
|
.
|
305
294
|
.IP "\(bu" 4
|
306
|
-
\fIDefault\fR:
|
295
|
+
\fIDefault\fR: $statedir/classes\.txt
|
307
296
|
.
|
308
297
|
.IP "" 0
|
309
298
|
.
|
@@ -311,7 +300,7 @@ The file in which puppet agent stores a list of the classes associated with the
|
|
311
300
|
The directory in which serialized data is stored on the client\.
|
312
301
|
.
|
313
302
|
.IP "\(bu" 4
|
314
|
-
\fIDefault\fR:
|
303
|
+
\fIDefault\fR: $vardir/client_data
|
315
304
|
.
|
316
305
|
.IP "" 0
|
317
306
|
.
|
@@ -319,7 +308,7 @@ The directory in which serialized data is stored on the client\.
|
|
319
308
|
Where FileBucket files are stored locally\.
|
320
309
|
.
|
321
310
|
.IP "\(bu" 4
|
322
|
-
\fIDefault\fR:
|
311
|
+
\fIDefault\fR: $vardir/clientbucket
|
323
312
|
.
|
324
313
|
.IP "" 0
|
325
314
|
.
|
@@ -327,7 +316,7 @@ Where FileBucket files are stored locally\.
|
|
327
316
|
The directory in which client\-side YAML data is stored\.
|
328
317
|
.
|
329
318
|
.IP "\(bu" 4
|
330
|
-
\fIDefault\fR:
|
319
|
+
\fIDefault\fR: $vardir/client_yaml
|
331
320
|
.
|
332
321
|
.IP "" 0
|
333
322
|
.
|
@@ -338,7 +327,7 @@ Code to parse directly\. This is essentially only used by \fBpuppet\fR, and shou
|
|
338
327
|
The main Puppet code directory\. The default for this setting is calculated based on the user\. If the process is running as root or the user that Puppet is supposed to run as, it defaults to a system directory, but if it\'s running as any other user, it defaults to being in the user\'s home directory\.
|
339
328
|
.
|
340
329
|
.IP "\(bu" 4
|
341
|
-
\fIDefault\fR:
|
330
|
+
\fIDefault\fR: Unix/Linux: /etc/puppetlabs/code \-\- Windows: C:\eProgramData\ePuppetLabs\ecode \-\- Non\-root user: ~/\.puppetlabs/etc/code
|
342
331
|
.
|
343
332
|
.IP "" 0
|
344
333
|
.
|
@@ -346,7 +335,7 @@ The main Puppet code directory\. The default for this setting is calculated base
|
|
346
335
|
Whether to use colors when logging to the console\. Valid values are \fBansi\fR (equivalent to \fBtrue\fR), \fBhtml\fR, and \fBfalse\fR, which produces no color\.
|
347
336
|
.
|
348
337
|
.IP "\(bu" 4
|
349
|
-
\fIDefault\fR:
|
338
|
+
\fIDefault\fR: ansi
|
350
339
|
.
|
351
340
|
.IP "" 0
|
352
341
|
.
|
@@ -354,7 +343,7 @@ Whether to use colors when logging to the console\. Valid values are \fBansi\fR
|
|
354
343
|
The main Puppet configuration directory\. The default for this setting is calculated based on the user\. If the process is running as root or the user that Puppet is supposed to run as, it defaults to a system directory, but if it\'s running as any other user, it defaults to being in the user\'s home directory\.
|
355
344
|
.
|
356
345
|
.IP "\(bu" 4
|
357
|
-
\fIDefault\fR:
|
346
|
+
\fIDefault\fR: Unix/Linux: /etc/puppetlabs/puppet \-\- Windows: C:\eProgramData\ePuppetLabs\epuppet\eetc \-\- Non\-root user: ~/\.puppetlabs/etc/puppet
|
358
347
|
.
|
359
348
|
.IP "" 0
|
360
349
|
.
|
@@ -362,7 +351,7 @@ The main Puppet configuration directory\. The default for this setting is calcul
|
|
362
351
|
The configuration file for the current puppet application\.
|
363
352
|
.
|
364
353
|
.IP "\(bu" 4
|
365
|
-
\fIDefault\fR:
|
354
|
+
\fIDefault\fR: $confdir/${config_file_name}
|
366
355
|
.
|
367
356
|
.IP "" 0
|
368
357
|
.
|
@@ -370,7 +359,7 @@ The configuration file for the current puppet application\.
|
|
370
359
|
The name of the puppet config file\.
|
371
360
|
.
|
372
361
|
.IP "\(bu" 4
|
373
|
-
\fIDefault\fR:
|
362
|
+
\fIDefault\fR: puppet\.conf
|
374
363
|
.
|
375
364
|
.IP "" 0
|
376
365
|
.
|
@@ -392,13 +381,12 @@ In general, the duration should be greater than the \fBruninterval\fR\. Setting
|
|
392
381
|
.P
|
393
382
|
If the agent downloads a new CRL, the agent will use it for subsequent network requests\. If the refresh request fails or if the CRL is unchanged on the server, then the agent run will continue using the local CRL it already has\.This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
|
394
383
|
.
|
395
|
-
.
|
396
|
-
\fIDefault\fR:
|
397
|
-
|
398
|
-
.IP "" 0
|
384
|
+
.TP
|
385
|
+
\fIDefault\fR:
|
386
|
+
|
399
387
|
.
|
400
388
|
.SS "csr_attributes"
|
401
|
-
An optional file containing custom attributes to add to certificate signing requests (CSRs)\. You should ensure that this file does not exist on your CA
|
389
|
+
An optional file containing custom attributes to add to certificate signing requests (CSRs)\. You should ensure that this file does not exist on your CA puppet master; if it does, unwanted certificate extensions may leak into certificates created with the \fBpuppetserver ca generate\fR command\.
|
402
390
|
.
|
403
391
|
.P
|
404
392
|
If present, this file must be a YAML hash containing a \fBcustom_attributes\fR key and/or an \fBextension_requests\fR key\. The value of each key must be a hash, where each key is a valid OID and each value is an object that can be cast to a string\.
|
@@ -410,7 +398,7 @@ Custom attributes can be used by the CA when deciding whether to sign the certif
|
|
410
398
|
Extension requests will be permanently embedded in the final certificate\. Extension OIDs must be in the "ppRegCertExt" (\fB1\.3\.6\.1\.4\.1\.34380\.1\.1\fR), "ppPrivCertExt" (\fB1\.3\.6\.1\.4\.1\.34380\.1\.2\fR), or "ppAuthCertExt" (\fB1\.3\.6\.1\.4\.1\.34380\.1\.3\fR) OID arcs\. The ppRegCertExt arc is reserved for four of the most common pieces of data to embed: \fBpp_uuid\fR (\fB\.1\fR), \fBpp_instance_id\fR (\fB\.2\fR), \fBpp_image_name\fR (\fB\.3\fR), and \fBpp_preshared_key\fR (\fB\.4\fR) \-\-\- in the YAML file, these can be referred to by their short descriptive names instead of their full OID\. The ppPrivCertExt arc is unregulated, and can be used for site\-specific extensions\. The ppAuthCert arc is reserved for two pieces of data to embed: \fBpp_authorization\fR (\fB\.1\fR) and \fBpp_auth_role\fR (\fB\.13\fR)\. As with ppRegCertExt, in the YAML file, these can be referred to by their short descriptive name instead of their full OID\.
|
411
399
|
.
|
412
400
|
.IP "\(bu" 4
|
413
|
-
\fIDefault\fR:
|
401
|
+
\fIDefault\fR: $confdir/csr_attributes\.yaml
|
414
402
|
.
|
415
403
|
.IP "" 0
|
416
404
|
.
|
@@ -418,7 +406,7 @@ Extension requests will be permanently embedded in the final certificate\. Exten
|
|
418
406
|
Where the CA stores certificate requests\.
|
419
407
|
.
|
420
408
|
.IP "\(bu" 4
|
421
|
-
\fIDefault\fR:
|
409
|
+
\fIDefault\fR: $cadir/requests
|
422
410
|
.
|
423
411
|
.IP "" 0
|
424
412
|
.
|
@@ -426,7 +414,7 @@ Where the CA stores certificate requests\.
|
|
426
414
|
Whether to send the process into the background\. This defaults to true on POSIX systems, and to false on Windows (where Puppet currently cannot daemonize)\.
|
427
415
|
.
|
428
416
|
.IP "\(bu" 4
|
429
|
-
\fIDefault\fR:
|
417
|
+
\fIDefault\fR: true
|
430
418
|
.
|
431
419
|
.IP "" 0
|
432
420
|
.
|
@@ -434,7 +422,7 @@ Whether to send the process into the background\. This defaults to true on POSIX
|
|
434
422
|
This setting has been deprecated\. Use of any value other than \'hiera\' should instead be configured in a version 5 hiera\.yaml\. Until this setting is removed, it controls which data binding terminus to use for global automatic data binding (across all environments)\. By default this value is \'hiera\'\. A value of \'none\' turns off the global binding\.
|
435
423
|
.
|
436
424
|
.IP "\(bu" 4
|
437
|
-
\fIDefault\fR:
|
425
|
+
\fIDefault\fR: hiera
|
438
426
|
.
|
439
427
|
.IP "" 0
|
440
428
|
.
|
@@ -442,7 +430,7 @@ This setting has been deprecated\. Use of any value other than \'hiera\' should
|
|
442
430
|
The default source for files if no server is given in a uri, e\.g\. puppet:///file\. The default of \fBrest\fR causes the file to be retrieved using the \fBserver\fR setting\. When running \fBapply\fR the default is \fBfile_server\fR, causing requests to be filled locally\.
|
443
431
|
.
|
444
432
|
.IP "\(bu" 4
|
445
|
-
\fIDefault\fR:
|
433
|
+
\fIDefault\fR: rest
|
446
434
|
.
|
447
435
|
.IP "" 0
|
448
436
|
.
|
@@ -456,7 +444,7 @@ This setting\'s value can be an absolute or relative path\. An absolute path wil
|
|
456
444
|
In either case, the path can point to a single file or to a directory of manifests to be evaluated in alphabetical order\.
|
457
445
|
.
|
458
446
|
.IP "\(bu" 4
|
459
|
-
\fIDefault\fR:
|
447
|
+
\fIDefault\fR: \./manifests
|
460
448
|
.
|
461
449
|
.IP "" 0
|
462
450
|
.
|
@@ -464,7 +452,7 @@ In either case, the path can point to a single file or to a directory of manifes
|
|
464
452
|
Boolean; whether to generate the default schedule resources\. Setting this to false is useful for keeping external report processors clean of skipped schedule resources\.
|
465
453
|
.
|
466
454
|
.IP "\(bu" 4
|
467
|
-
\fIDefault\fR:
|
455
|
+
\fIDefault\fR: true
|
468
456
|
.
|
469
457
|
.IP "" 0
|
470
458
|
.
|
@@ -472,7 +460,7 @@ Boolean; whether to generate the default schedule resources\. Setting this to fa
|
|
472
460
|
The root directory of devices\' $confdir\.
|
473
461
|
.
|
474
462
|
.IP "\(bu" 4
|
475
|
-
\fIDefault\fR:
|
463
|
+
\fIDefault\fR: $confdir/devices
|
476
464
|
.
|
477
465
|
.IP "" 0
|
478
466
|
.
|
@@ -480,7 +468,7 @@ The root directory of devices\' $confdir\.
|
|
480
468
|
Path to the device config file for puppet device\.
|
481
469
|
.
|
482
470
|
.IP "\(bu" 4
|
483
|
-
\fIDefault\fR:
|
471
|
+
\fIDefault\fR: $confdir/device\.conf
|
484
472
|
.
|
485
473
|
.IP "" 0
|
486
474
|
.
|
@@ -488,7 +476,7 @@ Path to the device config file for puppet device\.
|
|
488
476
|
The root directory of devices\' $vardir\.
|
489
477
|
.
|
490
478
|
.IP "\(bu" 4
|
491
|
-
\fIDefault\fR:
|
479
|
+
\fIDefault\fR: $vardir/devices
|
492
480
|
.
|
493
481
|
.IP "" 0
|
494
482
|
.
|
@@ -496,7 +484,7 @@ The root directory of devices\' $vardir\.
|
|
496
484
|
Which diff command to use when printing differences between files\. This setting has no default value on Windows, as standard \fBdiff\fR is not available, but Puppet can use many third\-party diff tools\.
|
497
485
|
.
|
498
486
|
.IP "\(bu" 4
|
499
|
-
\fIDefault\fR:
|
487
|
+
\fIDefault\fR: diff
|
500
488
|
.
|
501
489
|
.IP "" 0
|
502
490
|
.
|
@@ -504,15 +492,15 @@ Which diff command to use when printing differences between files\. This setting
|
|
504
492
|
Which arguments to pass to the diff command when printing differences between files\. The command to use can be chosen with the \fBdiff\fR setting\.
|
505
493
|
.
|
506
494
|
.IP "\(bu" 4
|
507
|
-
\fIDefault\fR:
|
495
|
+
\fIDefault\fR: \-u
|
508
496
|
.
|
509
497
|
.IP "" 0
|
510
498
|
.
|
511
499
|
.SS "digest_algorithm"
|
512
|
-
Which digest algorithm to use for file resources and the filebucket\. Valid values are
|
500
|
+
Which digest algorithm to use for file resources and the filebucket\. Valid values are sha256, sha384, sha512, sha224, md5\. Default is sha256\.
|
513
501
|
.
|
514
502
|
.IP "\(bu" 4
|
515
|
-
\fIDefault\fR:
|
503
|
+
\fIDefault\fR: sha256
|
516
504
|
.
|
517
505
|
.IP "" 0
|
518
506
|
.
|
@@ -520,7 +508,7 @@ Which digest algorithm to use for file resources and the filebucket\. Valid valu
|
|
520
508
|
If true, turns off all translations of Puppet and module log messages, which affects error, warning, and info log messages, as well as any translations in the report and CLI\.
|
521
509
|
.
|
522
510
|
.IP "\(bu" 4
|
523
|
-
\fIDefault\fR:
|
511
|
+
\fIDefault\fR: true
|
524
512
|
.
|
525
513
|
.IP "" 0
|
526
514
|
.
|
@@ -531,7 +519,7 @@ Whether to disallow an environment\-specific main manifest\. When set to \fBtrue
|
|
531
519
|
This setting requires \fBdefault_manifest\fR to be set to an absolute path\.
|
532
520
|
.
|
533
521
|
.IP "\(bu" 4
|
534
|
-
\fIDefault\fR:
|
522
|
+
\fIDefault\fR: false
|
535
523
|
.
|
536
524
|
.IP "" 0
|
537
525
|
.
|
@@ -554,7 +542,7 @@ Valid values for this setting are:
|
|
554
542
|
\fBundefined_resources\fR \-\-\- disables warnings about non existing resources\.
|
555
543
|
.
|
556
544
|
.IP "\(bu" 4
|
557
|
-
\fIDefault\fR:
|
545
|
+
\fIDefault\fR: []
|
558
546
|
.
|
559
547
|
.IP "" 0
|
560
548
|
.
|
@@ -565,7 +553,7 @@ A comma\-separated list of alternate DNS names for Puppet Server\. These are ext
|
|
565
553
|
In order to handle agent requests at a given hostname (like "puppet\.example\.com"), Puppet Server needs a certificate that proves it\'s allowed to use that name; if a server shows a certificate that doesn\'t include its hostname, Puppet agents will refuse to trust it\. If you use a single hostname for Puppet traffic but load\-balance it to multiple Puppet Servers, each of those servers needs to include the official hostname in its list of extra names\.
|
566
554
|
.
|
567
555
|
.P
|
568
|
-
\fBNote:\fR The list of alternate names is locked in when the server\'s certificate is signed\. If you need to change the list later, you can\'t just change this setting; you also need to regenerate the certificate\. For more information on that process, see the cert regen docs
|
556
|
+
\fBNote:\fR The list of alternate names is locked in when the server\'s certificate is signed\. If you need to change the list later, you can\'t just change this setting; you also need to regenerate the certificate\. For more information on that process, see the [cert regen docs] (https://puppet\.com/docs/puppet/latest/ssl_regenerate_certificates\.html)\.
|
569
557
|
.
|
570
558
|
.P
|
571
559
|
To see all the alternate names your servers are using, log into your CA server and run \fBpuppetserver ca list \-\-all\fR, then check the output for \fB(alt names: \.\.\.)\fR\. Most agent nodes should NOT have alternate names; the only certs that should have them are Puppet Server nodes that you want other agents to trust\.
|
@@ -574,15 +562,15 @@ To see all the alternate names your servers are using, log into your CA server a
|
|
574
562
|
Whether to document all resources when using \fBpuppet doc\fR to generate manifest documentation\.
|
575
563
|
.
|
576
564
|
.IP "\(bu" 4
|
577
|
-
\fIDefault\fR:
|
565
|
+
\fIDefault\fR: false
|
578
566
|
.
|
579
567
|
.IP "" 0
|
580
568
|
.
|
581
569
|
.SS "environment"
|
582
|
-
The environment in which Puppet is running\. For clients, such as \fBpuppet agent\fR, this determines the environment itself, which Puppet uses to find modules and much more\. For servers, such as \fBpuppet
|
570
|
+
The environment in which Puppet is running\. For clients, such as \fBpuppet agent\fR, this determines the environment itself, which Puppet uses to find modules and much more\. For servers, such as \fBpuppet master\fR, this provides the default environment for nodes that Puppet knows nothing about\.
|
583
571
|
.
|
584
572
|
.P
|
585
|
-
When defining an environment in the \fB[agent]\fR section, this refers to the environment that the agent requests from the
|
573
|
+
When defining an environment in the \fB[agent]\fR section, this refers to the environment that the agent requests from the master\. The environment doesn\'t have to exist on the local filesystem because the agent fetches it from the master\. This definition is used when running \fBpuppet agent\fR\.
|
586
574
|
.
|
587
575
|
.P
|
588
576
|
When defined in the \fB[user]\fR section, the environment refers to the path that Puppet uses to search for code and modules related to its execution\. This requires the environment to exist locally on the filesystem where puppet is being executed\. Puppet subcommands, including \fBpuppet module\fR and \fBpuppet apply\fR, use this definition\.
|
@@ -591,23 +579,22 @@ When defined in the \fB[user]\fR section, the environment refers to the path tha
|
|
591
579
|
Given that the context and effects vary depending on the config section \fIhttps://puppet\.com/docs/puppet/latest/config_file_main\.html#config\-sections\fR in which the \fBenvironment\fR setting is defined, do not set it globally\.
|
592
580
|
.
|
593
581
|
.IP "\(bu" 4
|
594
|
-
\fIDefault\fR:
|
582
|
+
\fIDefault\fR: production
|
595
583
|
.
|
596
584
|
.IP "" 0
|
597
585
|
.
|
598
586
|
.SS "environment_data_provider"
|
599
587
|
The name of a registered environment data provider used when obtaining environment specific data\. The three built in and registered providers are \'none\' (no data), \'function\' (data obtained by calling the function \'environment::data()\') and \'hiera\' (data obtained using a data provider configured using a hiera\.yaml file in root of the environment)\. Other environment data providers may be registered in modules on the module path\. For such custom data providers see the respective module documentation\. This setting is deprecated\.
|
600
588
|
.
|
601
|
-
.
|
602
|
-
\fIDefault\fR:
|
603
|
-
|
604
|
-
.IP "" 0
|
589
|
+
.TP
|
590
|
+
\fIDefault\fR:
|
591
|
+
|
605
592
|
.
|
606
593
|
.SS "environment_timeout"
|
607
594
|
How long the Puppet server should cache data it loads from an environment\.
|
608
595
|
.
|
609
596
|
.P
|
610
|
-
A value of \fB0\fR will disable caching\. This setting can also be set to \fBunlimited\fR, which will cache environments until the server is restarted or told to refresh the cache\. All other values will result in Puppet server evicting
|
597
|
+
A value of \fB0\fR will disable caching\. This setting can also be set to \fBunlimited\fR, which will cache environments until the server is restarted or told to refresh the cache\. All other values will result in Puppet server evicting environments that haven\'t been used within the last \fBenvironment_timeout\fR seconds\.
|
611
598
|
.
|
612
599
|
.P
|
613
600
|
You should change this setting once your Puppet deployment is doing non\-trivial work\. We chose the default value of \fB0\fR because it lets new users update their code without any extra steps, but it lowers the performance of your Puppet server\. We recommend either:
|
@@ -616,7 +603,7 @@ You should change this setting once your Puppet deployment is doing non\-trivial
|
|
616
603
|
Setting this to \fBunlimited\fR and explicitly refreshing your Puppet server as part of your code deployment process\.
|
617
604
|
.
|
618
605
|
.IP "\(bu" 4
|
619
|
-
Setting this to a number that will keep your most actively used environments cached, but allow testing environments to fall out of the cache and reduce memory usage\. A value of 3 minutes (3m) is a reasonable value\.
|
606
|
+
Setting this to a number that will keep your most actively used environments cached, but allow testing environments to fall out of the cache and reduce memory usage\. A value of 3 minutes (3m) is a reasonable value\.
|
620
607
|
.
|
621
608
|
.IP "" 0
|
622
609
|
.
|
@@ -624,15 +611,7 @@ Setting this to a number that will keep your most actively used environments cac
|
|
624
611
|
Once you set \fBenvironment_timeout\fR to a non\-zero value, you need to tell Puppet server to read new code from disk using the \fBenvironment\-cache\fR API endpoint after you deploy new code\. See the docs for the Puppet Server administrative API \fIhttps://puppet\.com/docs/puppetserver/latest/admin\-api/v1/environment\-cache\.html\fR\.
|
625
612
|
.
|
626
613
|
.IP "\(bu" 4
|
627
|
-
\fIDefault\fR:
|
628
|
-
.
|
629
|
-
.IP "" 0
|
630
|
-
.
|
631
|
-
.SS "environment_timeout_mode"
|
632
|
-
How Puppet interprets the \fBenvironment_timeout\fR setting when \fBenvironment_timeout\fR is neither \fB0\fR nor \fBunlimited\fR\. If set to \fBfrom_created\fR, then the environment will be evicted \fBenvironment_timeout\fR seconds from when it was created\. If set to \fBfrom_last_used\fR then the environment will be evicted \fBenvironment_timeout\fR seconds from when it was last used\.
|
633
|
-
.
|
634
|
-
.IP "\(bu" 4
|
635
|
-
\fIDefault\fR: \fBfrom_created\fR
|
614
|
+
\fIDefault\fR: 0
|
636
615
|
.
|
637
616
|
.IP "" 0
|
638
617
|
.
|
@@ -643,7 +622,7 @@ A search path for directory environments, as a list of directories separated by
|
|
643
622
|
This setting must have a value set to enable \fBdirectory environments\.\fR The recommended value is \fB$codedir/environments\fR\. For more details, see \fIhttps://puppet\.com/docs/puppet/latest/environments_about\.html\fR
|
644
623
|
.
|
645
624
|
.IP "\(bu" 4
|
646
|
-
\fIDefault\fR:
|
625
|
+
\fIDefault\fR: $codedir/environments
|
647
626
|
.
|
648
627
|
.IP "" 0
|
649
628
|
.
|
@@ -651,7 +630,7 @@ This setting must have a value set to enable \fBdirectory environments\.\fR The
|
|
651
630
|
Whether each resource should log when it is being evaluated\. This allows you to interactively see exactly what is being done\.
|
652
631
|
.
|
653
632
|
.IP "\(bu" 4
|
654
|
-
\fIDefault\fR:
|
633
|
+
\fIDefault\fR: false
|
655
634
|
.
|
656
635
|
.IP "" 0
|
657
636
|
.
|
@@ -693,15 +672,7 @@ Generally, an ENC script makes requests to an external data source\.
|
|
693
672
|
For more info, see the ENC documentation \fIhttps://puppet\.com/docs/puppet/latest/nodes_external\.html\fR\.
|
694
673
|
.
|
695
674
|
.IP "\(bu" 4
|
696
|
-
\fIDefault\fR:
|
697
|
-
.
|
698
|
-
.IP "" 0
|
699
|
-
.
|
700
|
-
.SS "facterng"
|
701
|
-
Whether to enable a pre\-Facter 4\.0 release of Facter (distributed as the "facter\-ng" gem)\. This is not necessary if Facter 3\.x or later is installed\. This setting is still experimental\.
|
702
|
-
.
|
703
|
-
.IP "\(bu" 4
|
704
|
-
\fIDefault\fR: \fBfalse\fR
|
675
|
+
\fIDefault\fR: none
|
705
676
|
.
|
706
677
|
.IP "" 0
|
707
678
|
.
|
@@ -709,7 +680,7 @@ Whether to enable a pre\-Facter 4\.0 release of Facter (distributed as the "fact
|
|
709
680
|
Where Puppet should look for facts\. Multiple directories should be separated by the system path separator character\. (The POSIX path separator is \':\', and the Windows path separator is \';\'\.)
|
710
681
|
.
|
711
682
|
.IP "\(bu" 4
|
712
|
-
\fIDefault\fR:
|
683
|
+
\fIDefault\fR: $vardir/lib/facter:$vardir/facts
|
713
684
|
.
|
714
685
|
.IP "" 0
|
715
686
|
.
|
@@ -717,7 +688,7 @@ Where Puppet should look for facts\. Multiple directories should be separated by
|
|
717
688
|
The node facts terminus\.
|
718
689
|
.
|
719
690
|
.IP "\(bu" 4
|
720
|
-
\fIDefault\fR:
|
691
|
+
\fIDefault\fR: facter
|
721
692
|
.
|
722
693
|
.IP "" 0
|
723
694
|
.
|
@@ -725,7 +696,7 @@ The node facts terminus\.
|
|
725
696
|
Where the fileserver configuration is stored\.
|
726
697
|
.
|
727
698
|
.IP "\(bu" 4
|
728
|
-
\fIDefault\fR:
|
699
|
+
\fIDefault\fR: $confdir/fileserver\.conf
|
729
700
|
.
|
730
701
|
.IP "" 0
|
731
702
|
.
|
@@ -733,39 +704,22 @@ Where the fileserver configuration is stored\.
|
|
733
704
|
The minimum time to wait between checking for updates in configuration files\. This timeout determines how quickly Puppet checks whether a file (such as manifests or puppet\.conf) has changed on disk\. The default will change in a future release to be \'unlimited\', requiring a reload of the Puppet service to pick up changes to its internal configuration\. Currently we do not accept a value of \'unlimited\'\. To reparse files within an environment in Puppet Server please use the environment_cache endpoint
|
734
705
|
.
|
735
706
|
.IP "\(bu" 4
|
736
|
-
\fIDefault\fR:
|
707
|
+
\fIDefault\fR: 15s
|
737
708
|
.
|
738
709
|
.IP "" 0
|
739
710
|
.
|
740
711
|
.SS "forge_authorization"
|
741
712
|
The authorization key to connect to the Puppet Forge\. Leave blank for unauthorized or license based connections
|
742
713
|
.
|
743
|
-
.
|
744
|
-
\fIDefault\fR:
|
745
|
-
|
746
|
-
.IP "" 0
|
714
|
+
.TP
|
715
|
+
\fIDefault\fR:
|
716
|
+
|
747
717
|
.
|
748
718
|
.SS "freeze_main"
|
749
719
|
Freezes the \'main\' class, disallowing any code to be added to it\. This essentially means that you can\'t have any code outside of a node, class, or definition other than in the site manifest\.
|
750
720
|
.
|
751
721
|
.IP "\(bu" 4
|
752
|
-
\fIDefault\fR:
|
753
|
-
.
|
754
|
-
.IP "" 0
|
755
|
-
.
|
756
|
-
.SS "func3x_check"
|
757
|
-
Causes validation of loaded legacy Ruby functions (3x API) to raise errors about illegal constructs that could cause harm or that simply does not work\. This flag is on by default\. This flag is made available so that the validation can be turned off in case the method of validation is faulty \- if encountered, please file a bug report\.
|
758
|
-
.
|
759
|
-
.IP "\(bu" 4
|
760
|
-
\fIDefault\fR: \fBtrue\fR
|
761
|
-
.
|
762
|
-
.IP "" 0
|
763
|
-
.
|
764
|
-
.SS "future_features"
|
765
|
-
Whether or not to enable all features currently being developed for future major releases of Puppet\. Should be used with caution, as in development features are experimental and can have unexpected effects\.
|
766
|
-
.
|
767
|
-
.IP "\(bu" 4
|
768
|
-
\fIDefault\fR: \fBfalse\fR
|
722
|
+
\fIDefault\fR: false
|
769
723
|
.
|
770
724
|
.IP "" 0
|
771
725
|
.
|
@@ -773,7 +727,7 @@ Whether or not to enable all features currently being developed for future major
|
|
773
727
|
When true, causes Puppet applications to print an example config file to stdout and exit\. The example will include descriptions of each setting, and the current (or default) value of each setting, incorporating any settings overridden on the CLI (with the exception of \fBgenconfig\fR itself)\. This setting only makes sense when specified on the command line as \fB\-\-genconfig\fR\.
|
774
728
|
.
|
775
729
|
.IP "\(bu" 4
|
776
|
-
\fIDefault\fR:
|
730
|
+
\fIDefault\fR: false
|
777
731
|
.
|
778
732
|
.IP "" 0
|
779
733
|
.
|
@@ -781,7 +735,7 @@ When true, causes Puppet applications to print an example config file to stdout
|
|
781
735
|
Whether to just print a manifest to stdout and exit\. Only makes sense when specified on the command line as \fB\-\-genmanifest\fR\. Takes into account arguments specified on the CLI\.
|
782
736
|
.
|
783
737
|
.IP "\(bu" 4
|
784
|
-
\fIDefault\fR:
|
738
|
+
\fIDefault\fR: false
|
785
739
|
.
|
786
740
|
.IP "" 0
|
787
741
|
.
|
@@ -798,7 +752,7 @@ The \fBgraphdir\fR setting determines where Puppet will save graphs\. Note that
|
|
798
752
|
See your graphing software\'s documentation for details on opening \.dot files\. If you\'re using GraphViz\'s \fBdot\fR command, you can do a quick PNG render with \fBdot \-Tpng <DOT FILE> \-o <OUTPUT FILE>\fR\.
|
799
753
|
.
|
800
754
|
.IP "\(bu" 4
|
801
|
-
\fIDefault\fR:
|
755
|
+
\fIDefault\fR: false
|
802
756
|
.
|
803
757
|
.IP "" 0
|
804
758
|
.
|
@@ -806,7 +760,7 @@ See your graphing software\'s documentation for details on opening \.dot files\.
|
|
806
760
|
Where to save \.dot\-format graphs (when the \fBgraph\fR setting is enabled)\.
|
807
761
|
.
|
808
762
|
.IP "\(bu" 4
|
809
|
-
\fIDefault\fR:
|
763
|
+
\fIDefault\fR: $statedir/graphs
|
810
764
|
.
|
811
765
|
.IP "" 0
|
812
766
|
.
|
@@ -814,7 +768,7 @@ Where to save \.dot\-format graphs (when the \fBgraph\fR setting is enabled)\.
|
|
814
768
|
The group Puppet Server will run as\. Used to ensure the agent side processes (agent, apply, etc) create files and directories readable by Puppet Server when necessary\.
|
815
769
|
.
|
816
770
|
.IP "\(bu" 4
|
817
|
-
\fIDefault\fR:
|
771
|
+
\fIDefault\fR: puppet
|
818
772
|
.
|
819
773
|
.IP "" 0
|
820
774
|
.
|
@@ -822,7 +776,7 @@ The group Puppet Server will run as\. Used to ensure the agent side processes (a
|
|
822
776
|
The hiera configuration file\. Puppet only reads this file on startup, so you must restart the puppet server every time you edit it\.
|
823
777
|
.
|
824
778
|
.IP "\(bu" 4
|
825
|
-
\fIDefault\fR:
|
779
|
+
\fIDefault\fR: $confdir/hiera\.yaml\. However, for backwards compatibility, if a file exists at $codedir/hiera\.yaml, Puppet uses that instead\.
|
826
780
|
.
|
827
781
|
.IP "" 0
|
828
782
|
.
|
@@ -830,7 +784,7 @@ The hiera configuration file\. Puppet only reads this file on startup, so you mu
|
|
830
784
|
Where individual hosts store and look for their certificates\.
|
831
785
|
.
|
832
786
|
.IP "\(bu" 4
|
833
|
-
\fIDefault\fR:
|
787
|
+
\fIDefault\fR: $certdir/$certname\.pem
|
834
788
|
.
|
835
789
|
.IP "" 0
|
836
790
|
.
|
@@ -838,15 +792,15 @@ Where individual hosts store and look for their certificates\.
|
|
838
792
|
Where the host\'s certificate revocation list can be found\. This is distinct from the certificate authority\'s CRL\.
|
839
793
|
.
|
840
794
|
.IP "\(bu" 4
|
841
|
-
\fIDefault\fR:
|
795
|
+
\fIDefault\fR: $ssldir/crl\.pem
|
842
796
|
.
|
843
797
|
.IP "" 0
|
844
798
|
.
|
845
799
|
.SS "hostcsr"
|
846
|
-
|
800
|
+
Where individual hosts store their certificate request (CSR) while waiting for the CA to issue their certificate\.
|
847
801
|
.
|
848
802
|
.IP "\(bu" 4
|
849
|
-
\fIDefault\fR:
|
803
|
+
\fIDefault\fR: $requestdir/$certname\.pem
|
850
804
|
.
|
851
805
|
.IP "" 0
|
852
806
|
.
|
@@ -854,7 +808,7 @@ This setting is deprecated\.
|
|
854
808
|
Where individual hosts store and look for their private key\.
|
855
809
|
.
|
856
810
|
.IP "\(bu" 4
|
857
|
-
\fIDefault\fR:
|
811
|
+
\fIDefault\fR: $privatekeydir/$certname\.pem
|
858
812
|
.
|
859
813
|
.IP "" 0
|
860
814
|
.
|
@@ -862,7 +816,7 @@ Where individual hosts store and look for their private key\.
|
|
862
816
|
Where individual hosts store and look for their public key\.
|
863
817
|
.
|
864
818
|
.IP "\(bu" 4
|
865
|
-
\fIDefault\fR:
|
819
|
+
\fIDefault\fR: $publickeydir/$certname\.pem
|
866
820
|
.
|
867
821
|
.IP "" 0
|
868
822
|
.
|
@@ -870,7 +824,7 @@ Where individual hosts store and look for their public key\.
|
|
870
824
|
The maximum amount of time to wait when establishing an HTTP connection\. The default value is 2 minutes\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
|
871
825
|
.
|
872
826
|
.IP "\(bu" 4
|
873
|
-
\fIDefault\fR:
|
827
|
+
\fIDefault\fR: 2m
|
874
828
|
.
|
875
829
|
.IP "" 0
|
876
830
|
.
|
@@ -878,15 +832,15 @@ The maximum amount of time to wait when establishing an HTTP connection\. The de
|
|
878
832
|
Whether to write HTTP request and responses to stderr\. This should never be used in a production environment\.
|
879
833
|
.
|
880
834
|
.IP "\(bu" 4
|
881
|
-
\fIDefault\fR:
|
835
|
+
\fIDefault\fR: false
|
882
836
|
.
|
883
837
|
.IP "" 0
|
884
838
|
.
|
885
839
|
.SS "http_extra_headers"
|
886
|
-
The list of extra headers that will be sent with http requests to the
|
840
|
+
The list of extra headers that will be sent with http requests to the master\. The header definition consists of a name and a value separated by a colon\.
|
887
841
|
.
|
888
842
|
.IP "\(bu" 4
|
889
|
-
\fIDefault\fR:
|
843
|
+
\fIDefault\fR: []
|
890
844
|
.
|
891
845
|
.IP "" 0
|
892
846
|
.
|
@@ -894,7 +848,7 @@ The list of extra headers that will be sent with http requests to the primary se
|
|
894
848
|
The maximum amount of time a persistent HTTP connection can remain idle in the connection pool, before it is closed\. This timeout should be shorter than the keepalive timeout used on the HTTP server, e\.g\. Apache KeepAliveTimeout directive\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
|
895
849
|
.
|
896
850
|
.IP "\(bu" 4
|
897
|
-
\fIDefault\fR:
|
851
|
+
\fIDefault\fR: 4s
|
898
852
|
.
|
899
853
|
.IP "" 0
|
900
854
|
.
|
@@ -902,7 +856,7 @@ The maximum amount of time a persistent HTTP connection can remain idle in the c
|
|
902
856
|
The HTTP proxy host to use for outgoing connections\. The proxy will be bypassed if the server\'s hostname matches the NO_PROXY environment variable or \fBno_proxy\fR setting\. Note: You may need to use a FQDN for the server hostname when using a proxy\. Environment variable http_proxy or HTTP_PROXY will override this value\.
|
903
857
|
.
|
904
858
|
.IP "\(bu" 4
|
905
|
-
\fIDefault\fR:
|
859
|
+
\fIDefault\fR: none
|
906
860
|
.
|
907
861
|
.IP "" 0
|
908
862
|
.
|
@@ -913,7 +867,7 @@ The password for the user of an authenticated HTTP proxy\. Requires the \fBhttp_
|
|
913
867
|
Note that passwords must be valid when used as part of a URL\. If a password contains any characters with special meanings in URLs (as specified by RFC 3986 section 2\.2), they must be URL\-encoded\. (For example, \fB#\fR would become \fB%23\fR\.)
|
914
868
|
.
|
915
869
|
.IP "\(bu" 4
|
916
|
-
\fIDefault\fR:
|
870
|
+
\fIDefault\fR: none
|
917
871
|
.
|
918
872
|
.IP "" 0
|
919
873
|
.
|
@@ -921,7 +875,7 @@ Note that passwords must be valid when used as part of a URL\. If a password con
|
|
921
875
|
The HTTP proxy port to use for outgoing connections
|
922
876
|
.
|
923
877
|
.IP "\(bu" 4
|
924
|
-
\fIDefault\fR:
|
878
|
+
\fIDefault\fR: 3128
|
925
879
|
.
|
926
880
|
.IP "" 0
|
927
881
|
.
|
@@ -929,7 +883,7 @@ The HTTP proxy port to use for outgoing connections
|
|
929
883
|
The user name for an authenticated HTTP proxy\. Requires the \fBhttp_proxy_host\fR setting\.
|
930
884
|
.
|
931
885
|
.IP "\(bu" 4
|
932
|
-
\fIDefault\fR:
|
886
|
+
\fIDefault\fR: none
|
933
887
|
.
|
934
888
|
.IP "" 0
|
935
889
|
.
|
@@ -937,7 +891,7 @@ The user name for an authenticated HTTP proxy\. Requires the \fBhttp_proxy_host\
|
|
937
891
|
The time to wait for data to be read from an HTTP connection\. If nothing is read after the elapsed interval then the connection will be closed\. The default value is 10 minutes\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
|
938
892
|
.
|
939
893
|
.IP "\(bu" 4
|
940
|
-
\fIDefault\fR:
|
894
|
+
\fIDefault\fR: 10m
|
941
895
|
.
|
942
896
|
.IP "" 0
|
943
897
|
.
|
@@ -945,7 +899,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea
|
|
945
899
|
The HTTP User\-Agent string to send when making network requests\.
|
946
900
|
.
|
947
901
|
.IP "\(bu" 4
|
948
|
-
\fIDefault\fR:
|
902
|
+
\fIDefault\fR: Puppet/7\.0\.0 Ruby/2\.5\.1\-p57 (x86_64\-linux)
|
949
903
|
.
|
950
904
|
.IP "" 0
|
951
905
|
.
|
@@ -953,15 +907,15 @@ The HTTP User\-Agent string to send when making network requests\.
|
|
953
907
|
Whether the puppet run should ignore errors during pluginsync\. If the setting is false and there are errors during pluginsync, then the agent will abort the run and submit a report containing information about the failed run\.
|
954
908
|
.
|
955
909
|
.IP "\(bu" 4
|
956
|
-
\fIDefault\fR:
|
910
|
+
\fIDefault\fR: false
|
957
911
|
.
|
958
912
|
.IP "" 0
|
959
913
|
.
|
960
914
|
.SS "ignoremissingtypes"
|
961
|
-
Skip searching for classes and definitions that were missing during a prior compilation\. The list of missing objects is maintained per\-environment and persists until the environment is cleared or the
|
915
|
+
Skip searching for classes and definitions that were missing during a prior compilation\. The list of missing objects is maintained per\-environment and persists until the environment is cleared or the master is restarted\.
|
962
916
|
.
|
963
917
|
.IP "\(bu" 4
|
964
|
-
\fIDefault\fR:
|
918
|
+
\fIDefault\fR: false
|
965
919
|
.
|
966
920
|
.IP "" 0
|
967
921
|
.
|
@@ -969,7 +923,7 @@ Skip searching for classes and definitions that were missing during a prior comp
|
|
969
923
|
Boolean; whether puppet agent should ignore schedules\. This is useful for initial puppet agent runs\.
|
970
924
|
.
|
971
925
|
.IP "\(bu" 4
|
972
|
-
\fIDefault\fR:
|
926
|
+
\fIDefault\fR: false
|
973
927
|
.
|
974
928
|
.IP "" 0
|
975
929
|
.
|
@@ -977,7 +931,7 @@ Boolean; whether puppet agent should ignore schedules\. This is useful for initi
|
|
977
931
|
The type of private key\. Valid values are \fBrsa\fR and \fBec\fR\. Default is \fBrsa\fR\.
|
978
932
|
.
|
979
933
|
.IP "\(bu" 4
|
980
|
-
\fIDefault\fR:
|
934
|
+
\fIDefault\fR: rsa
|
981
935
|
.
|
982
936
|
.IP "" 0
|
983
937
|
.
|
@@ -985,7 +939,7 @@ The type of private key\. Valid values are \fBrsa\fR and \fBec\fR\. Default is \
|
|
985
939
|
The bit length of keys\.
|
986
940
|
.
|
987
941
|
.IP "\(bu" 4
|
988
|
-
\fIDefault\fR:
|
942
|
+
\fIDefault\fR: 4096
|
989
943
|
.
|
990
944
|
.IP "" 0
|
991
945
|
.
|
@@ -993,7 +947,7 @@ The bit length of keys\.
|
|
993
947
|
Where puppet agent stores the last run report summary in yaml format\.
|
994
948
|
.
|
995
949
|
.IP "\(bu" 4
|
996
|
-
\fIDefault\fR:
|
950
|
+
\fIDefault\fR: $publicdir/last_run_summary\.yaml
|
997
951
|
.
|
998
952
|
.IP "" 0
|
999
953
|
.
|
@@ -1001,7 +955,7 @@ Where puppet agent stores the last run report summary in yaml format\.
|
|
1001
955
|
Where Puppet Agent stores the last run report, by default, in yaml format\. The format of the report can be changed by setting the \fBcache\fR key of the \fBreport\fR terminus in the routes\.yaml \fIhttps://puppet\.com/docs/puppet/latest/config_file_routes\.html\fR file\. To avoid mismatches between content and file extension, this setting needs to be manually updated to reflect the terminus changes\.
|
1002
956
|
.
|
1003
957
|
.IP "\(bu" 4
|
1004
|
-
\fIDefault\fR:
|
958
|
+
\fIDefault\fR: $statedir/last_run_report\.yaml
|
1005
959
|
.
|
1006
960
|
.IP "" 0
|
1007
961
|
.
|
@@ -1009,7 +963,7 @@ Where Puppet Agent stores the last run report, by default, in yaml format\. The
|
|
1009
963
|
The LDAP attributes to include when querying LDAP for nodes\. All returned attributes are set as variables in the top\-level scope\. Multiple values should be comma\-separated\. The value \'all\' returns all attributes\.
|
1010
964
|
.
|
1011
965
|
.IP "\(bu" 4
|
1012
|
-
\fIDefault\fR:
|
966
|
+
\fIDefault\fR: all
|
1013
967
|
.
|
1014
968
|
.IP "" 0
|
1015
969
|
.
|
@@ -1020,7 +974,7 @@ The search base for LDAP searches\. It\'s impossible to provide a meaningful def
|
|
1020
974
|
The LDAP attributes to use to define Puppet classes\. Values should be comma\-separated\.
|
1021
975
|
.
|
1022
976
|
.IP "\(bu" 4
|
1023
|
-
\fIDefault\fR:
|
977
|
+
\fIDefault\fR: puppetclass
|
1024
978
|
.
|
1025
979
|
.IP "" 0
|
1026
980
|
.
|
@@ -1028,7 +982,7 @@ The LDAP attributes to use to define Puppet classes\. Values should be comma\-se
|
|
1028
982
|
The attribute to use to define the parent node\.
|
1029
983
|
.
|
1030
984
|
.IP "\(bu" 4
|
1031
|
-
\fIDefault\fR:
|
985
|
+
\fIDefault\fR: parentnode
|
1032
986
|
.
|
1033
987
|
.IP "" 0
|
1034
988
|
.
|
@@ -1039,7 +993,7 @@ The password to use to connect to LDAP\.
|
|
1039
993
|
The LDAP port\.
|
1040
994
|
.
|
1041
995
|
.IP "\(bu" 4
|
1042
|
-
\fIDefault\fR:
|
996
|
+
\fIDefault\fR: 389
|
1043
997
|
.
|
1044
998
|
.IP "" 0
|
1045
999
|
.
|
@@ -1047,7 +1001,7 @@ The LDAP port\.
|
|
1047
1001
|
The LDAP server\.
|
1048
1002
|
.
|
1049
1003
|
.IP "\(bu" 4
|
1050
|
-
\fIDefault\fR:
|
1004
|
+
\fIDefault\fR: ldap
|
1051
1005
|
.
|
1052
1006
|
.IP "" 0
|
1053
1007
|
.
|
@@ -1055,7 +1009,7 @@ The LDAP server\.
|
|
1055
1009
|
Whether SSL should be used when searching for nodes\. Defaults to false because SSL usually requires certificates to be set up on the client side\.
|
1056
1010
|
.
|
1057
1011
|
.IP "\(bu" 4
|
1058
|
-
\fIDefault\fR:
|
1012
|
+
\fIDefault\fR: false
|
1059
1013
|
.
|
1060
1014
|
.IP "" 0
|
1061
1015
|
.
|
@@ -1063,7 +1017,7 @@ Whether SSL should be used when searching for nodes\. Defaults to false because
|
|
1063
1017
|
The LDAP attributes that should be stacked to arrays by adding the values in all hierarchy elements of the tree\. Values should be comma\-separated\.
|
1064
1018
|
.
|
1065
1019
|
.IP "\(bu" 4
|
1066
|
-
\fIDefault\fR:
|
1020
|
+
\fIDefault\fR: puppetvar
|
1067
1021
|
.
|
1068
1022
|
.IP "" 0
|
1069
1023
|
.
|
@@ -1071,7 +1025,7 @@ The LDAP attributes that should be stacked to arrays by adding the values in all
|
|
1071
1025
|
The search string used to find an LDAP node\.
|
1072
1026
|
.
|
1073
1027
|
.IP "\(bu" 4
|
1074
|
-
\fIDefault\fR:
|
1028
|
+
\fIDefault\fR: (&(objectclass=puppetClient)(cn=%s))
|
1075
1029
|
.
|
1076
1030
|
.IP "" 0
|
1077
1031
|
.
|
@@ -1079,7 +1033,7 @@ The search string used to find an LDAP node\.
|
|
1079
1033
|
Whether TLS should be used when searching for nodes\. Defaults to false because TLS usually requires certificates to be set up on the client side\.
|
1080
1034
|
.
|
1081
1035
|
.IP "\(bu" 4
|
1082
|
-
\fIDefault\fR:
|
1036
|
+
\fIDefault\fR: false
|
1083
1037
|
.
|
1084
1038
|
.IP "" 0
|
1085
1039
|
.
|
@@ -1090,7 +1044,7 @@ The user to use to connect to LDAP\. Must be specified as a full DN\.
|
|
1090
1044
|
An extra search path for Puppet\. This is only useful for those files that Puppet will load on demand, and is only guaranteed to work for those cases\. In fact, the autoload mechanism is responsible for making sure this directory is in Ruby\'s search path
|
1091
1045
|
.
|
1092
1046
|
.IP "\(bu" 4
|
1093
|
-
\fIDefault\fR:
|
1047
|
+
\fIDefault\fR: $vardir/lib
|
1094
1048
|
.
|
1095
1049
|
.IP "" 0
|
1096
1050
|
.
|
@@ -1098,7 +1052,7 @@ An extra search path for Puppet\. This is only useful for those files that Puppe
|
|
1098
1052
|
Where each client stores the CA certificate\.
|
1099
1053
|
.
|
1100
1054
|
.IP "\(bu" 4
|
1101
|
-
\fIDefault\fR:
|
1055
|
+
\fIDefault\fR: $certdir/ca\.pem
|
1102
1056
|
.
|
1103
1057
|
.IP "" 0
|
1104
1058
|
.
|
@@ -1106,7 +1060,7 @@ Where each client stores the CA certificate\.
|
|
1106
1060
|
Where Puppet should store translation files that it pulls down from the central server\.
|
1107
1061
|
.
|
1108
1062
|
.IP "\(bu" 4
|
1109
|
-
\fIDefault\fR:
|
1063
|
+
\fIDefault\fR: $vardir/locales
|
1110
1064
|
.
|
1111
1065
|
.IP "" 0
|
1112
1066
|
.
|
@@ -1114,15 +1068,7 @@ Where Puppet should store translation files that it pulls down from the central
|
|
1114
1068
|
From where to retrieve translation files\. The standard Puppet \fBfile\fR type is used for retrieval, so anything that is a valid file source can be used here\.
|
1115
1069
|
.
|
1116
1070
|
.IP "\(bu" 4
|
1117
|
-
\fIDefault\fR:
|
1118
|
-
.
|
1119
|
-
.IP "" 0
|
1120
|
-
.
|
1121
|
-
.SS "location_trusted"
|
1122
|
-
This will allow sending the name + password and the cookie header to all hosts that puppet may redirect to\. This may or may not introduce a security breach if puppet redirects you to a site to which you\'ll send your authentication info and cookies\.
|
1123
|
-
.
|
1124
|
-
.IP "\(bu" 4
|
1125
|
-
\fIDefault\fR: \fBfalse\fR
|
1071
|
+
\fIDefault\fR: puppet:///locales
|
1126
1072
|
.
|
1127
1073
|
.IP "" 0
|
1128
1074
|
.
|
@@ -1154,23 +1100,22 @@ emerg
|
|
1154
1100
|
crit
|
1155
1101
|
.
|
1156
1102
|
.IP "\(bu" 4
|
1157
|
-
\fIDefault\fR:
|
1103
|
+
\fIDefault\fR: notice
|
1158
1104
|
.
|
1159
1105
|
.IP "" 0
|
1160
1106
|
.
|
1161
1107
|
.SS "logdest"
|
1162
|
-
Where to send log messages\. Choose between \'syslog\' (the POSIX syslog service), \'eventlog\' (the Windows Event Log), \'console\', or the path to a log file\.
|
1108
|
+
Where to send log messages\. Choose between \'syslog\' (the POSIX syslog service), \'eventlog\' (the Windows Event Log), \'console\', or the path to a log file\.
|
1163
1109
|
.
|
1164
|
-
.
|
1165
|
-
\fIDefault\fR:
|
1166
|
-
|
1167
|
-
.IP "" 0
|
1110
|
+
.TP
|
1111
|
+
\fIDefault\fR:
|
1112
|
+
|
1168
1113
|
.
|
1169
1114
|
.SS "logdir"
|
1170
1115
|
The directory in which to store log files
|
1171
1116
|
.
|
1172
1117
|
.IP "\(bu" 4
|
1173
|
-
\fIDefault\fR:
|
1118
|
+
\fIDefault\fR: Unix/Linux: /var/log/puppetlabs/puppet \-\- Windows: C:\eProgramData\ePuppetLabs\epuppet\evar\elog \-\- Non\-root user: ~/\.puppetlabs/var/log
|
1174
1119
|
.
|
1175
1120
|
.IP "" 0
|
1176
1121
|
.
|
@@ -1178,26 +1123,25 @@ The directory in which to store log files
|
|
1178
1123
|
Whether Puppet should manage the owner, group, and mode of files it uses internally\. \fBNote\fR: For Windows agents, the default is \fBfalse\fR for versions 4\.10\.13 and greater, versions 5\.5\.6 and greater, and versions 6\.0 and greater\.
|
1179
1124
|
.
|
1180
1125
|
.IP "\(bu" 4
|
1181
|
-
\fIDefault\fR:
|
1126
|
+
\fIDefault\fR: true
|
1182
1127
|
.
|
1183
1128
|
.IP "" 0
|
1184
1129
|
.
|
1185
1130
|
.SS "manifest"
|
1186
|
-
The entry\-point manifest for
|
1131
|
+
The entry\-point manifest for puppet master\. This can be one file or a directory of manifests to be evaluated in alphabetical order\. Puppet manages this path as a directory if one exists or if the path ends with a / or \.
|
1187
1132
|
.
|
1188
1133
|
.P
|
1189
1134
|
Setting a global value for \fBmanifest\fR in puppet\.conf is not allowed (but it can be overridden from the commandline)\. Please use directory environments instead\. If you need to use something other than the environment\'s \fBmanifests\fR directory as the main manifest, you can set \fBmanifest\fR in environment\.conf\. For more info, see \fIhttps://puppet\.com/docs/puppet/latest/environments_about\.html\fR
|
1190
1135
|
.
|
1191
|
-
.
|
1192
|
-
\fIDefault\fR:
|
1193
|
-
|
1194
|
-
.IP "" 0
|
1136
|
+
.TP
|
1137
|
+
\fIDefault\fR:
|
1138
|
+
|
1195
1139
|
.
|
1196
1140
|
.SS "masterport"
|
1197
1141
|
The default port puppet subcommands use to communicate with Puppet Server\. (eg \fBpuppet facts upload\fR, \fBpuppet agent\fR)\. May be overridden by more specific settings (see \fBca_port\fR, \fBreport_port\fR)\.
|
1198
1142
|
.
|
1199
1143
|
.IP "\(bu" 4
|
1200
|
-
\fIDefault\fR:
|
1144
|
+
\fIDefault\fR: $serverport
|
1201
1145
|
.
|
1202
1146
|
.IP "" 0
|
1203
1147
|
.
|
@@ -1205,7 +1149,7 @@ The default port puppet subcommands use to communicate with Puppet Server\. (eg
|
|
1205
1149
|
Sets the max number of logged/displayed parser validation deprecation warnings in case multiple deprecation warnings have been detected\. A value of 0 blocks the logging of deprecation warnings\. The count is per manifest\.
|
1206
1150
|
.
|
1207
1151
|
.IP "\(bu" 4
|
1208
|
-
\fIDefault\fR:
|
1152
|
+
\fIDefault\fR: 10
|
1209
1153
|
.
|
1210
1154
|
.IP "" 0
|
1211
1155
|
.
|
@@ -1213,7 +1157,7 @@ Sets the max number of logged/displayed parser validation deprecation warnings i
|
|
1213
1157
|
Sets the max number of logged/displayed parser validation errors in case multiple errors have been detected\. A value of 0 is the same as a value of 1; a minimum of one error is always raised\. The count is per manifest\.
|
1214
1158
|
.
|
1215
1159
|
.IP "\(bu" 4
|
1216
|
-
\fIDefault\fR:
|
1160
|
+
\fIDefault\fR: 10
|
1217
1161
|
.
|
1218
1162
|
.IP "" 0
|
1219
1163
|
.
|
@@ -1221,7 +1165,7 @@ Sets the max number of logged/displayed parser validation errors in case multipl
|
|
1221
1165
|
Sets the max number of logged/displayed parser validation warnings in case multiple warnings have been detected\. A value of 0 blocks logging of warnings\. The count is per manifest\.
|
1222
1166
|
.
|
1223
1167
|
.IP "\(bu" 4
|
1224
|
-
\fIDefault\fR:
|
1168
|
+
\fIDefault\fR: 10
|
1225
1169
|
.
|
1226
1170
|
.IP "" 0
|
1227
1171
|
.
|
@@ -1229,7 +1173,7 @@ Sets the max number of logged/displayed parser validation warnings in case multi
|
|
1229
1173
|
The maximum allowed UID\. Some platforms use negative UIDs but then ship with tools that do not know how to handle signed ints, so the UIDs show up as huge numbers that can then not be fed back into the system\. This is a hackish way to fail in a slightly more useful way when that happens\.
|
1230
1174
|
.
|
1231
1175
|
.IP "\(bu" 4
|
1232
|
-
\fIDefault\fR:
|
1176
|
+
\fIDefault\fR: 4294967290
|
1233
1177
|
.
|
1234
1178
|
.IP "" 0
|
1235
1179
|
.
|
@@ -1237,7 +1181,7 @@ The maximum allowed UID\. Some platforms use negative UIDs but then ship with to
|
|
1237
1181
|
The maximum amount of time the Puppet agent should wait for its certificate request to be signed\. A value of \fBunlimited\fR will cause puppet agent to ask for a signed certificate indefinitely\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
|
1238
1182
|
.
|
1239
1183
|
.IP "\(bu" 4
|
1240
|
-
\fIDefault\fR:
|
1184
|
+
\fIDefault\fR: unlimited
|
1241
1185
|
.
|
1242
1186
|
.IP "" 0
|
1243
1187
|
.
|
@@ -1245,7 +1189,7 @@ The maximum amount of time the Puppet agent should wait for its certificate requ
|
|
1245
1189
|
The maximum amount of time the puppet agent should wait for an already running puppet agent to finish before starting a new one\. This is set by default to 1 minute\. A value of \fBunlimited\fR will cause puppet agent to wait indefinitely\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
|
1246
1190
|
.
|
1247
1191
|
.IP "\(bu" 4
|
1248
|
-
\fIDefault\fR:
|
1192
|
+
\fIDefault\fR: 1m
|
1249
1193
|
.
|
1250
1194
|
.IP "" 0
|
1251
1195
|
.
|
@@ -1259,7 +1203,7 @@ When a class has a failed dependency, every resource in the class generates a no
|
|
1259
1203
|
If true, all messages caused by a class dependency failure are merged into one message associated with the class\.
|
1260
1204
|
.
|
1261
1205
|
.IP "\(bu" 4
|
1262
|
-
\fIDefault\fR:
|
1206
|
+
\fIDefault\fR: false
|
1263
1207
|
.
|
1264
1208
|
.IP "" 0
|
1265
1209
|
.
|
@@ -1267,23 +1211,22 @@ If true, all messages caused by a class dependency failure are merged into one m
|
|
1267
1211
|
Whether to create the necessary user and group that puppet agent will run as\.
|
1268
1212
|
.
|
1269
1213
|
.IP "\(bu" 4
|
1270
|
-
\fIDefault\fR:
|
1214
|
+
\fIDefault\fR: false
|
1271
1215
|
.
|
1272
1216
|
.IP "" 0
|
1273
1217
|
.
|
1274
1218
|
.SS "module_groups"
|
1275
1219
|
Extra module groups to request from the Puppet Forge\. This is an internal setting, and users should never change it\.
|
1276
1220
|
.
|
1277
|
-
.
|
1278
|
-
\fIDefault\fR:
|
1279
|
-
|
1280
|
-
.IP "" 0
|
1221
|
+
.TP
|
1222
|
+
\fIDefault\fR:
|
1223
|
+
|
1281
1224
|
.
|
1282
1225
|
.SS "module_repository"
|
1283
1226
|
The module repository
|
1284
1227
|
.
|
1285
1228
|
.IP "\(bu" 4
|
1286
|
-
\fIDefault\fR:
|
1229
|
+
\fIDefault\fR: https://forgeapi\.puppet\.com
|
1287
1230
|
.
|
1288
1231
|
.IP "" 0
|
1289
1232
|
.
|
@@ -1291,7 +1234,7 @@ The module repository
|
|
1291
1234
|
The directory into which module tool data is stored
|
1292
1235
|
.
|
1293
1236
|
.IP "\(bu" 4
|
1294
|
-
\fIDefault\fR:
|
1237
|
+
\fIDefault\fR: $vardir/puppet\-module
|
1295
1238
|
.
|
1296
1239
|
.IP "" 0
|
1297
1240
|
.
|
@@ -1304,16 +1247,15 @@ Setting a global value for \fBmodulepath\fR in puppet\.conf is not allowed (but
|
|
1304
1247
|
.SS "name"
|
1305
1248
|
The name of the application, if we are running as one\. The default is essentially $0 without the path or \fB\.rb\fR\.
|
1306
1249
|
.
|
1307
|
-
.
|
1308
|
-
\fIDefault\fR:
|
1309
|
-
|
1310
|
-
.IP "" 0
|
1250
|
+
.TP
|
1251
|
+
\fIDefault\fR:
|
1252
|
+
|
1311
1253
|
.
|
1312
1254
|
.SS "named_curve"
|
1313
1255
|
The short name for the EC curve used to generate the EC private key\. Valid values must be one of the curves in \fBOpenSSL::PKey::EC\.builtin_curves\fR\. Default is \fBprime256v1\fR\.
|
1314
1256
|
.
|
1315
1257
|
.IP "\(bu" 4
|
1316
|
-
\fIDefault\fR:
|
1258
|
+
\fIDefault\fR: prime256v1
|
1317
1259
|
.
|
1318
1260
|
.IP "" 0
|
1319
1261
|
.
|
@@ -1321,37 +1263,25 @@ The short name for the EC curve used to generate the EC private key\. Valid valu
|
|
1321
1263
|
List of host or domain names that should not go through \fBhttp_proxy_host\fR\. Environment variable no_proxy or NO_PROXY will override this value\. Names can be specified as an FQDN \fBhost\.example\.com\fR, wildcard \fB*\.example\.com\fR, dotted domain \fB\.example\.com\fR, or suffix \fBexample\.com\fR\.
|
1322
1264
|
.
|
1323
1265
|
.IP "\(bu" 4
|
1324
|
-
\fIDefault\fR:
|
1266
|
+
\fIDefault\fR: localhost, 127\.0\.0\.1
|
1325
1267
|
.
|
1326
1268
|
.IP "" 0
|
1327
1269
|
.
|
1328
1270
|
.SS "node_cache_terminus"
|
1329
1271
|
How to store cached nodes\. Valid values are (none), \'json\', \'msgpack\', or \'yaml\'\.
|
1330
1272
|
.
|
1331
|
-
.
|
1332
|
-
\fIDefault\fR:
|
1333
|
-
|
1334
|
-
.IP "" 0
|
1335
|
-
.
|
1336
|
-
.SS "node_name"
|
1337
|
-
How the puppet master determines the client\'s identity and sets the \'hostname\', \'fqdn\' and \'domain\' facts for use in the manifest, in particular for determining which \'node\' statement applies to the client\. Possible values are \'cert\' (use the subject\'s CN in the client\'s certificate) and \'facter\' (use the hostname that the client reported in its facts)\.
|
1338
|
-
.
|
1339
|
-
.P
|
1340
|
-
This setting is deprecated, please use explicit fact matching for classification\.
|
1341
|
-
.
|
1342
|
-
.IP "\(bu" 4
|
1343
|
-
\fIDefault\fR: \fBcert\fR
|
1344
|
-
.
|
1345
|
-
.IP "" 0
|
1273
|
+
.TP
|
1274
|
+
\fIDefault\fR:
|
1275
|
+
|
1346
1276
|
.
|
1347
1277
|
.SS "node_name_fact"
|
1348
|
-
The fact name used to determine the node name used for all requests the agent makes to the
|
1278
|
+
The fact name used to determine the node name used for all requests the agent makes to the master\. WARNING: This setting is mutually exclusive with node_name_value\. Changing this setting also requires changes to Puppet Server\'s default auth\.conf \fIhttps://puppet\.com/docs/puppetserver/latest/config_file_auth\.html\fR\.
|
1349
1279
|
.
|
1350
1280
|
.SS "node_name_value"
|
1351
|
-
The explicit value used for the node name for all requests the agent makes to the
|
1281
|
+
The explicit value used for the node name for all requests the agent makes to the master\. WARNING: This setting is mutually exclusive with node_name_fact\. Changing this setting also requires changes to Puppet Server\'s default auth\.conf \fIhttps://puppet\.com/docs/puppetserver/latest/config_file_auth\.html\fR\.
|
1352
1282
|
.
|
1353
1283
|
.IP "\(bu" 4
|
1354
|
-
\fIDefault\fR:
|
1284
|
+
\fIDefault\fR: $certname
|
1355
1285
|
.
|
1356
1286
|
.IP "" 0
|
1357
1287
|
.
|
@@ -1385,7 +1315,7 @@ The three main node data plugins are:
|
|
1385
1315
|
\fBclassifier\fR (formerly \fBconsole\fR) \-\-\- Specific to Puppet Enterprise\. Uses the PE console for node data\."
|
1386
1316
|
.
|
1387
1317
|
.IP "\(bu" 4
|
1388
|
-
\fIDefault\fR:
|
1318
|
+
\fIDefault\fR: plain
|
1389
1319
|
.
|
1390
1320
|
.IP "" 0
|
1391
1321
|
.
|
@@ -1393,13 +1323,13 @@ The three main node data plugins are:
|
|
1393
1323
|
Whether to apply catalogs in noop mode, which allows Puppet to partially simulate a normal run\. This setting affects puppet agent and puppet apply\.
|
1394
1324
|
.
|
1395
1325
|
.P
|
1396
|
-
When running in noop mode, Puppet will check whether each resource is in sync, like it does when running normally\. However, if a resource attribute is not in the desired state (as declared in the catalog), Puppet will take no action, and will instead report the changes it \fIwould\fR have made\. These simulated changes will appear in the report sent to the
|
1326
|
+
When running in noop mode, Puppet will check whether each resource is in sync, like it does when running normally\. However, if a resource attribute is not in the desired state (as declared in the catalog), Puppet will take no action, and will instead report the changes it \fIwould\fR have made\. These simulated changes will appear in the report sent to the puppet master, or be shown on the console if running puppet agent or puppet apply in the foreground\. The simulated changes will not send refresh events to any subscribing or notified resources, although Puppet will log that a refresh event \fIwould\fR have been sent\.
|
1397
1327
|
.
|
1398
1328
|
.P
|
1399
1329
|
\fBImportant note:\fR The \fBnoop\fR metaparameter \fIhttps://puppet\.com/docs/puppet/latest/metaparameter\.html#noop\fR allows you to apply individual resources in noop mode, and will override the global value of the \fBnoop\fR setting\. This means a resource with \fBnoop => false\fR \fIwill\fR be changed if necessary, even when running puppet agent with \fBnoop = true\fR or \fB\-\-noop\fR\. (Conversely, a resource with \fBnoop => true\fR will only be simulated, even when noop mode is globally disabled\.)
|
1400
1330
|
.
|
1401
1331
|
.IP "\(bu" 4
|
1402
|
-
\fIDefault\fR:
|
1332
|
+
\fIDefault\fR: false
|
1403
1333
|
.
|
1404
1334
|
.IP "" 0
|
1405
1335
|
.
|
@@ -1407,7 +1337,7 @@ When running in noop mode, Puppet will check whether each resource is in sync, l
|
|
1407
1337
|
Perform one configuration run and exit, rather than spawning a long\-running daemon\. This is useful for interactively running puppet agent, or running puppet agent from cron\.
|
1408
1338
|
.
|
1409
1339
|
.IP "\(bu" 4
|
1410
|
-
\fIDefault\fR:
|
1340
|
+
\fIDefault\fR: false
|
1411
1341
|
.
|
1412
1342
|
.IP "" 0
|
1413
1343
|
.
|
@@ -1415,7 +1345,7 @@ Perform one configuration run and exit, rather than spawning a long\-running dae
|
|
1415
1345
|
Where puppet agent stores the password for its private key\. Generally unused\.
|
1416
1346
|
.
|
1417
1347
|
.IP "\(bu" 4
|
1418
|
-
\fIDefault\fR:
|
1348
|
+
\fIDefault\fR: $privatedir/password
|
1419
1349
|
.
|
1420
1350
|
.IP "" 0
|
1421
1351
|
.
|
@@ -1426,7 +1356,7 @@ The shell search path\. Defaults to whatever is inherited from the parent proces
|
|
1426
1356
|
This setting can only be set in the \fB[main]\fR section of puppet\.conf; it cannot be set in \fB[server]\fR, \fB[agent]\fR, or an environment config section\.
|
1427
1357
|
.
|
1428
1358
|
.IP "\(bu" 4
|
1429
|
-
\fIDefault\fR:
|
1359
|
+
\fIDefault\fR: none
|
1430
1360
|
.
|
1431
1361
|
.IP "" 0
|
1432
1362
|
.
|
@@ -1434,7 +1364,7 @@ This setting can only be set in the \fB[main]\fR section of puppet\.conf; it can
|
|
1434
1364
|
The file containing the PID of a running process\. This file is intended to be used by service management frameworks and monitoring systems to determine if a puppet process is still in the process table\.
|
1435
1365
|
.
|
1436
1366
|
.IP "\(bu" 4
|
1437
|
-
\fIDefault\fR:
|
1367
|
+
\fIDefault\fR: $rundir/${run_mode}\.pid
|
1438
1368
|
.
|
1439
1369
|
.IP "" 0
|
1440
1370
|
.
|
@@ -1442,7 +1372,7 @@ The file containing the PID of a running process\. This file is intended to be u
|
|
1442
1372
|
Where Puppet should store plugins that it pulls down from the central server\.
|
1443
1373
|
.
|
1444
1374
|
.IP "\(bu" 4
|
1445
|
-
\fIDefault\fR:
|
1375
|
+
\fIDefault\fR: $libdir
|
1446
1376
|
.
|
1447
1377
|
.IP "" 0
|
1448
1378
|
.
|
@@ -1450,7 +1380,7 @@ Where Puppet should store plugins that it pulls down from the central server\.
|
|
1450
1380
|
Where Puppet should store external facts that are being handled by pluginsync
|
1451
1381
|
.
|
1452
1382
|
.IP "\(bu" 4
|
1453
|
-
\fIDefault\fR:
|
1383
|
+
\fIDefault\fR: $vardir/facts\.d
|
1454
1384
|
.
|
1455
1385
|
.IP "" 0
|
1456
1386
|
.
|
@@ -1458,7 +1388,7 @@ Where Puppet should store external facts that are being handled by pluginsync
|
|
1458
1388
|
Where to retrieve external facts for pluginsync
|
1459
1389
|
.
|
1460
1390
|
.IP "\(bu" 4
|
1461
|
-
\fIDefault\fR:
|
1391
|
+
\fIDefault\fR: puppet:///pluginfacts
|
1462
1392
|
.
|
1463
1393
|
.IP "" 0
|
1464
1394
|
.
|
@@ -1466,7 +1396,7 @@ Where to retrieve external facts for pluginsync
|
|
1466
1396
|
What files to ignore when pulling down plugins\.
|
1467
1397
|
.
|
1468
1398
|
.IP "\(bu" 4
|
1469
|
-
\fIDefault\fR:
|
1399
|
+
\fIDefault\fR: \.svn CVS \.git \.hg
|
1470
1400
|
.
|
1471
1401
|
.IP "" 0
|
1472
1402
|
.
|
@@ -1474,7 +1404,7 @@ What files to ignore when pulling down plugins\.
|
|
1474
1404
|
From where to retrieve plugins\. The standard Puppet \fBfile\fR type is used for retrieval, so anything that is a valid file source can be used here\.
|
1475
1405
|
.
|
1476
1406
|
.IP "\(bu" 4
|
1477
|
-
\fIDefault\fR:
|
1407
|
+
\fIDefault\fR: puppet:///plugins
|
1478
1408
|
.
|
1479
1409
|
.IP "" 0
|
1480
1410
|
.
|
@@ -1482,7 +1412,7 @@ From where to retrieve plugins\. The standard Puppet \fBfile\fR type is used for
|
|
1482
1412
|
Whether plugins should be synced with the central server\. This setting is deprecated\.
|
1483
1413
|
.
|
1484
1414
|
.IP "\(bu" 4
|
1485
|
-
\fIDefault\fR:
|
1415
|
+
\fIDefault\fR: true
|
1486
1416
|
.
|
1487
1417
|
.IP "" 0
|
1488
1418
|
.
|
@@ -1493,7 +1423,7 @@ A command to run after every agent run\. If this command returns a non\-zero ret
|
|
1493
1423
|
The preferred means of serializing ruby instances for passing over the wire\. This won\'t guarantee that all instances will be serialized using this method, since not all classes can be guaranteed to support this format, but it will be used for all classes that support it\.
|
1494
1424
|
.
|
1495
1425
|
.IP "\(bu" 4
|
1496
|
-
\fIDefault\fR:
|
1426
|
+
\fIDefault\fR: json
|
1497
1427
|
.
|
1498
1428
|
.IP "" 0
|
1499
1429
|
.
|
@@ -1504,23 +1434,22 @@ A command to run before every agent run\. If this command returns a non\-zero re
|
|
1504
1434
|
The directory where catalog previews per node are generated\.
|
1505
1435
|
.
|
1506
1436
|
.IP "\(bu" 4
|
1507
|
-
\fIDefault\fR:
|
1437
|
+
\fIDefault\fR: $vardir/preview
|
1508
1438
|
.
|
1509
1439
|
.IP "" 0
|
1510
1440
|
.
|
1511
1441
|
.SS "priority"
|
1512
1442
|
The scheduling priority of the process\. Valid values are \'high\', \'normal\', \'low\', or \'idle\', which are mapped to platform\-specific values\. The priority can also be specified as an integer value and will be passed as is, e\.g\. \-5\. Puppet must be running as a privileged user in order to increase scheduling priority\.
|
1513
1443
|
.
|
1514
|
-
.
|
1515
|
-
\fIDefault\fR:
|
1516
|
-
|
1517
|
-
.IP "" 0
|
1444
|
+
.TP
|
1445
|
+
\fIDefault\fR:
|
1446
|
+
|
1518
1447
|
.
|
1519
1448
|
.SS "privatedir"
|
1520
1449
|
Where the client stores private certificate information\.
|
1521
1450
|
.
|
1522
1451
|
.IP "\(bu" 4
|
1523
|
-
\fIDefault\fR:
|
1452
|
+
\fIDefault\fR: $ssldir/private
|
1524
1453
|
.
|
1525
1454
|
.IP "" 0
|
1526
1455
|
.
|
@@ -1528,7 +1457,7 @@ Where the client stores private certificate information\.
|
|
1528
1457
|
The private key directory\.
|
1529
1458
|
.
|
1530
1459
|
.IP "\(bu" 4
|
1531
|
-
\fIDefault\fR:
|
1460
|
+
\fIDefault\fR: $ssldir/private_keys
|
1532
1461
|
.
|
1533
1462
|
.IP "" 0
|
1534
1463
|
.
|
@@ -1536,7 +1465,15 @@ The private key directory\.
|
|
1536
1465
|
Whether to enable experimental performance profiling
|
1537
1466
|
.
|
1538
1467
|
.IP "\(bu" 4
|
1539
|
-
\fIDefault\fR:
|
1468
|
+
\fIDefault\fR: false
|
1469
|
+
.
|
1470
|
+
.IP "" 0
|
1471
|
+
.
|
1472
|
+
.SS "publicdir"
|
1473
|
+
Where Puppet stores public files\.
|
1474
|
+
.
|
1475
|
+
.IP "\(bu" 4
|
1476
|
+
\fIDefault\fR: Unix/Linux: /opt/puppetlabs/puppet/public \-\- Windows: C:\eProgramData\ePuppetLabs\epuppet\epublic \-\- Non\-root user: ~/\.puppetlabs/opt/puppet/public
|
1540
1477
|
.
|
1541
1478
|
.IP "" 0
|
1542
1479
|
.
|
@@ -1544,7 +1481,7 @@ Whether to enable experimental performance profiling
|
|
1544
1481
|
The public key directory\.
|
1545
1482
|
.
|
1546
1483
|
.IP "\(bu" 4
|
1547
|
-
\fIDefault\fR:
|
1484
|
+
\fIDefault\fR: $ssldir/public_keys
|
1548
1485
|
.
|
1549
1486
|
.IP "" 0
|
1550
1487
|
.
|
@@ -1552,7 +1489,7 @@ The public key directory\.
|
|
1552
1489
|
Whether to print the Puppet stack trace on some errors\. This is a noop if \fBtrace\fR is also set\.
|
1553
1490
|
.
|
1554
1491
|
.IP "\(bu" 4
|
1555
|
-
\fIDefault\fR:
|
1492
|
+
\fIDefault\fR: false
|
1556
1493
|
.
|
1557
1494
|
.IP "" 0
|
1558
1495
|
.
|
@@ -1560,13 +1497,13 @@ Whether to print the Puppet stack trace on some errors\. This is a noop if \fBtr
|
|
1560
1497
|
The fallback log file\. This is only used when the \fB\-\-logdest\fR option is not specified AND Puppet is running on an operating system where both the POSIX syslog service and the Windows Event Log are unavailable\. (Currently, no supported operating systems match that description\.)
|
1561
1498
|
.
|
1562
1499
|
.P
|
1563
|
-
Despite the name, both puppet agent and puppet
|
1500
|
+
Despite the name, both puppet agent and puppet master will use this file as the fallback logging destination\.
|
1564
1501
|
.
|
1565
1502
|
.P
|
1566
|
-
For control over logging destinations, see the \fB\-\-logdest\fR command line option in the manual pages for puppet
|
1503
|
+
For control over logging destinations, see the \fB\-\-logdest\fR command line option in the manual pages for puppet master, puppet agent, and puppet apply\. You can see man pages by running \fBpuppet <SUBCOMMAND> \-\-help\fR, or read them online at https://puppet\.com/docs/puppet/latest/man/\.
|
1567
1504
|
.
|
1568
1505
|
.IP "\(bu" 4
|
1569
|
-
\fIDefault\fR:
|
1506
|
+
\fIDefault\fR: $logdir/puppetd\.log
|
1570
1507
|
.
|
1571
1508
|
.IP "" 0
|
1572
1509
|
.
|
@@ -1574,7 +1511,7 @@ For control over logging destinations, see the \fB\-\-logdest\fR command line op
|
|
1574
1511
|
Whether to send reports after every transaction\.
|
1575
1512
|
.
|
1576
1513
|
.IP "\(bu" 4
|
1577
|
-
\fIDefault\fR:
|
1514
|
+
\fIDefault\fR: true
|
1578
1515
|
.
|
1579
1516
|
.IP "" 0
|
1580
1517
|
.
|
@@ -1582,7 +1519,7 @@ Whether to send reports after every transaction\.
|
|
1582
1519
|
Whether the \'http\' report processor should include the system certificate store when submitting reports to HTTPS URLs\. If false, then the \'http\' processor will only trust HTTPS report servers whose certificates are issued by the puppet CA or one of its intermediate CAs\. If true, the processor will additionally trust CA certificates in the system\'s certificate store\.
|
1583
1520
|
.
|
1584
1521
|
.IP "\(bu" 4
|
1585
|
-
\fIDefault\fR:
|
1522
|
+
\fIDefault\fR: false
|
1586
1523
|
.
|
1587
1524
|
.IP "" 0
|
1588
1525
|
.
|
@@ -1590,7 +1527,7 @@ Whether the \'http\' report processor should include the system certificate stor
|
|
1590
1527
|
The port to communicate with the report_server\.
|
1591
1528
|
.
|
1592
1529
|
.IP "\(bu" 4
|
1593
|
-
\fIDefault\fR:
|
1530
|
+
\fIDefault\fR: $serverport
|
1594
1531
|
.
|
1595
1532
|
.IP "" 0
|
1596
1533
|
.
|
@@ -1598,7 +1535,7 @@ The port to communicate with the report_server\.
|
|
1598
1535
|
The server to send transaction reports to\.
|
1599
1536
|
.
|
1600
1537
|
.IP "\(bu" 4
|
1601
|
-
\fIDefault\fR:
|
1538
|
+
\fIDefault\fR: $server
|
1602
1539
|
.
|
1603
1540
|
.IP "" 0
|
1604
1541
|
.
|
@@ -1606,7 +1543,7 @@ The server to send transaction reports to\.
|
|
1606
1543
|
The directory in which to store reports\. Each node gets a separate subdirectory in this directory\. This setting is only used when the \fBstore\fR report processor is enabled (see the \fBreports\fR setting)\.
|
1607
1544
|
.
|
1608
1545
|
.IP "\(bu" 4
|
1609
|
-
\fIDefault\fR:
|
1546
|
+
\fIDefault\fR: $vardir/reports
|
1610
1547
|
.
|
1611
1548
|
.IP "" 0
|
1612
1549
|
.
|
@@ -1614,16 +1551,13 @@ The directory in which to store reports\. Each node gets a separate subdirectory
|
|
1614
1551
|
The list of report handlers to use\. When using multiple report handlers, their names should be comma\-separated, with whitespace allowed\. (For example, \fBreports = http, store\fR\.)
|
1615
1552
|
.
|
1616
1553
|
.P
|
1617
|
-
This setting is relevant to puppet
|
1554
|
+
This setting is relevant to puppet master and puppet apply\. The puppet master will call these report handlers with the reports it receives from agent nodes, and puppet apply will call them with its own report\. (In all cases, the node applying the catalog must have \fBreport = true\fR\.)
|
1618
1555
|
.
|
1619
1556
|
.P
|
1620
1557
|
See the report reference for information on the built\-in report handlers; custom report handlers can also be loaded from modules\. (Report handlers are loaded from the lib directory, at \fBpuppet/reports/NAME\.rb\fR\.)
|
1621
1558
|
.
|
1622
|
-
.P
|
1623
|
-
To turn off reports entirely, set this to \fBnone\fR
|
1624
|
-
.
|
1625
1559
|
.IP "\(bu" 4
|
1626
|
-
\fIDefault\fR:
|
1560
|
+
\fIDefault\fR: store
|
1627
1561
|
.
|
1628
1562
|
.IP "" 0
|
1629
1563
|
.
|
@@ -1631,7 +1565,7 @@ To turn off reports entirely, set this to \fBnone\fR
|
|
1631
1565
|
The URL that reports should be forwarded to\. This setting is only used when the \fBhttp\fR report processor is enabled (see the \fBreports\fR setting)\.
|
1632
1566
|
.
|
1633
1567
|
.IP "\(bu" 4
|
1634
|
-
\fIDefault\fR:
|
1568
|
+
\fIDefault\fR: http://localhost:3000/reports/upload
|
1635
1569
|
.
|
1636
1570
|
.IP "" 0
|
1637
1571
|
.
|
@@ -1639,7 +1573,7 @@ The URL that reports should be forwarded to\. This setting is only used when the
|
|
1639
1573
|
Where host certificate requests are stored\.
|
1640
1574
|
.
|
1641
1575
|
.IP "\(bu" 4
|
1642
|
-
\fIDefault\fR:
|
1576
|
+
\fIDefault\fR: $ssldir/certificate_requests
|
1643
1577
|
.
|
1644
1578
|
.IP "" 0
|
1645
1579
|
.
|
@@ -1647,15 +1581,7 @@ Where host certificate requests are stored\.
|
|
1647
1581
|
The file in which puppet agent stores a list of the resources associated with the retrieved configuration\.
|
1648
1582
|
.
|
1649
1583
|
.IP "\(bu" 4
|
1650
|
-
\fIDefault\fR:
|
1651
|
-
.
|
1652
|
-
.IP "" 0
|
1653
|
-
.
|
1654
|
-
.SS "rest_authconfig"
|
1655
|
-
The configuration file that defines the rights to the different rest indirections\. This can be used as a fine\-grained authorization system for \fBpuppet master\fR\. The \fBpuppet master\fR command is deprecated and Puppet Server uses its own auth\.conf that must be placed within its configuration directory\.
|
1656
|
-
.
|
1657
|
-
.IP "\(bu" 4
|
1658
|
-
\fIDefault\fR: \fB$confdir/auth\.conf\fR
|
1584
|
+
\fIDefault\fR: $statedir/resources\.txt
|
1659
1585
|
.
|
1660
1586
|
.IP "" 0
|
1661
1587
|
.
|
@@ -1663,7 +1589,7 @@ The configuration file that defines the rights to the different rest indirection
|
|
1663
1589
|
Whether to send updated facts after every transaction\. By default puppet only submits facts at the beginning of the transaction before applying a catalog\. Since puppet can modify the state of the system, the value of the facts may change after puppet finishes\. Therefore, any facts stored in puppetdb may not be consistent until the agent next runs, typically in 30 minutes\. If this feature is enabled, puppet will resubmit facts after applying its catalog, ensuring facts for the node stored in puppetdb are current\. However, this will double the fact submission load on puppetdb, so it is disabled by default\.
|
1664
1590
|
.
|
1665
1591
|
.IP "\(bu" 4
|
1666
|
-
\fIDefault\fR:
|
1592
|
+
\fIDefault\fR: false
|
1667
1593
|
.
|
1668
1594
|
.IP "" 0
|
1669
1595
|
.
|
@@ -1671,7 +1597,7 @@ Whether to send updated facts after every transaction\. By default puppet only s
|
|
1671
1597
|
Enables having extended data in the catalog by storing them as a hash with the special key \fB__ptype\fR\. When enabled, resource containing values of the data types \fBBinary\fR, \fBRegexp\fR, \fBSemVer\fR, \fBSemVerRange\fR, \fBTimespan\fR and \fBTimestamp\fR, as well as instances of types derived from \fBObject\fR retain their data type\.
|
1672
1598
|
.
|
1673
1599
|
.IP "\(bu" 4
|
1674
|
-
\fIDefault\fR:
|
1600
|
+
\fIDefault\fR: true
|
1675
1601
|
.
|
1676
1602
|
.IP "" 0
|
1677
1603
|
.
|
@@ -1679,7 +1605,7 @@ Enables having extended data in the catalog by storing them as a hash with the s
|
|
1679
1605
|
The YAML file containing indirector route configuration\.
|
1680
1606
|
.
|
1681
1607
|
.IP "\(bu" 4
|
1682
|
-
\fIDefault\fR:
|
1608
|
+
\fIDefault\fR: $confdir/routes\.yaml
|
1683
1609
|
.
|
1684
1610
|
.IP "" 0
|
1685
1611
|
.
|
@@ -1687,7 +1613,7 @@ The YAML file containing indirector route configuration\.
|
|
1687
1613
|
Where Puppet PID files are kept\.
|
1688
1614
|
.
|
1689
1615
|
.IP "\(bu" 4
|
1690
|
-
\fIDefault\fR:
|
1616
|
+
\fIDefault\fR: Unix/Linux: /var/run/puppetlabs \-\- Windows: C:\eProgramData\ePuppetLabs\epuppet\evar\erun \-\- Non\-root user: ~/\.puppetlabs/var/run
|
1691
1617
|
.
|
1692
1618
|
.IP "" 0
|
1693
1619
|
.
|
@@ -1695,7 +1621,7 @@ Where Puppet PID files are kept\.
|
|
1695
1621
|
How often puppet agent applies the catalog\. Note that a runinterval of 0 means "run continuously" rather than "never run\." This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
|
1696
1622
|
.
|
1697
1623
|
.IP "\(bu" 4
|
1698
|
-
\fIDefault\fR:
|
1624
|
+
\fIDefault\fR: 30m
|
1699
1625
|
.
|
1700
1626
|
.IP "" 0
|
1701
1627
|
.
|
@@ -1703,7 +1629,7 @@ How often puppet agent applies the catalog\. Note that a runinterval of 0 means
|
|
1703
1629
|
The maximum amount of time an agent run is allowed to take\. A Puppet agent run that exceeds this timeout will be aborted\. A value of 0 disables the timeout\. Defaults to 1 hour\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
|
1704
1630
|
.
|
1705
1631
|
.IP "\(bu" 4
|
1706
|
-
\fIDefault\fR:
|
1632
|
+
\fIDefault\fR: 1h
|
1707
1633
|
.
|
1708
1634
|
.IP "" 0
|
1709
1635
|
.
|
@@ -1711,15 +1637,15 @@ The maximum amount of time an agent run is allowed to take\. A Puppet agent run
|
|
1711
1637
|
Where the serial number for certificates is stored\.
|
1712
1638
|
.
|
1713
1639
|
.IP "\(bu" 4
|
1714
|
-
\fIDefault\fR:
|
1640
|
+
\fIDefault\fR: $cadir/serial
|
1715
1641
|
.
|
1716
1642
|
.IP "" 0
|
1717
1643
|
.
|
1718
1644
|
.SS "server"
|
1719
|
-
The
|
1645
|
+
The puppet master server to which the puppet agent should connect\.
|
1720
1646
|
.
|
1721
1647
|
.IP "\(bu" 4
|
1722
|
-
\fIDefault\fR:
|
1648
|
+
\fIDefault\fR: puppet
|
1723
1649
|
.
|
1724
1650
|
.IP "" 0
|
1725
1651
|
.
|
@@ -1727,15 +1653,15 @@ The primary Puppet server to which the Puppet agent should connect\.
|
|
1727
1653
|
The directory in which serialized data is stored, usually in a subdirectory\.
|
1728
1654
|
.
|
1729
1655
|
.IP "\(bu" 4
|
1730
|
-
\fIDefault\fR:
|
1656
|
+
\fIDefault\fR: $vardir/server_data
|
1731
1657
|
.
|
1732
1658
|
.IP "" 0
|
1733
1659
|
.
|
1734
1660
|
.SS "server_list"
|
1735
|
-
The list of
|
1661
|
+
The list of Puppet master servers to which the Puppet agent should connect, in the order that they will be tried\. Each value should be a fully qualified domain name, followed by an optional \':\' and port number\. If a port is omitted, Puppet uses masterport for that host\.
|
1736
1662
|
.
|
1737
1663
|
.IP "\(bu" 4
|
1738
|
-
\fIDefault\fR:
|
1664
|
+
\fIDefault\fR: []
|
1739
1665
|
.
|
1740
1666
|
.IP "" 0
|
1741
1667
|
.
|
@@ -1743,7 +1669,15 @@ The list of primary Puppet servers to which the Puppet agent should connect, in
|
|
1743
1669
|
The default port puppet subcommands use to communicate with Puppet Server\. (eg \fBpuppet facts upload\fR, \fBpuppet agent\fR)\. May be overridden by more specific settings (see \fBca_port\fR, \fBreport_port\fR)\.
|
1744
1670
|
.
|
1745
1671
|
.IP "\(bu" 4
|
1746
|
-
\fIDefault\fR:
|
1672
|
+
\fIDefault\fR: 8140
|
1673
|
+
.
|
1674
|
+
.IP "" 0
|
1675
|
+
.
|
1676
|
+
.SS "settings_catalog"
|
1677
|
+
Whether to compile and apply the settings catalog
|
1678
|
+
.
|
1679
|
+
.IP "\(bu" 4
|
1680
|
+
\fIDefault\fR: true
|
1747
1681
|
.
|
1748
1682
|
.IP "" 0
|
1749
1683
|
.
|
@@ -1751,7 +1685,7 @@ The default port puppet subcommands use to communicate with Puppet Server\. (eg
|
|
1751
1685
|
Whether to log and report a contextual diff when files are being replaced\. This causes partial file contents to pass through Puppet\'s normal logging and reporting system, so this setting should be used with caution if you are sending Puppet\'s reports to an insecure destination\. This feature currently requires the \fBdiff/lcs\fR Ruby library\.
|
1752
1686
|
.
|
1753
1687
|
.IP "\(bu" 4
|
1754
|
-
\fIDefault\fR:
|
1688
|
+
\fIDefault\fR: false
|
1755
1689
|
.
|
1756
1690
|
.IP "" 0
|
1757
1691
|
.
|
@@ -1759,7 +1693,7 @@ Whether to log and report a contextual diff when files are being replaced\. This
|
|
1759
1693
|
Where the CA stores signed certificates\.
|
1760
1694
|
.
|
1761
1695
|
.IP "\(bu" 4
|
1762
|
-
\fIDefault\fR:
|
1696
|
+
\fIDefault\fR: $cadir/signed
|
1763
1697
|
.
|
1764
1698
|
.IP "" 0
|
1765
1699
|
.
|
@@ -1769,10 +1703,9 @@ Tags to use to filter resources\. If this is set, then only resources not tagged
|
|
1769
1703
|
.SS "sourceaddress"
|
1770
1704
|
The address the agent should use to initiate requests\.
|
1771
1705
|
.
|
1772
|
-
.
|
1773
|
-
\fIDefault\fR:
|
1774
|
-
|
1775
|
-
.IP "" 0
|
1706
|
+
.TP
|
1707
|
+
\fIDefault\fR:
|
1708
|
+
|
1776
1709
|
.
|
1777
1710
|
.SS "splay"
|
1778
1711
|
Whether to sleep for a random amount of time, ranging from immediately up to its \fB$splaylimit\fR, before performing its first agent run after a service restart\. After this period, the agent runs periodically on its \fB$runinterval\fR\.
|
@@ -1784,10 +1717,10 @@ For example, assume a default 30\-minute \fB$runinterval\fR, \fBsplay\fR set to
|
|
1784
1717
|
With \fBsplay\fR enabled, it waits any amount of time up to its \fB$splaylimit\fR before its first run\. For example, it might randomly wait 8 minutes, then start its first run at :08 past the hour\. With the \fB$runinterval\fR at its default 30 minutes, its next run will be at :38 past the hour\.
|
1785
1718
|
.
|
1786
1719
|
.P
|
1787
|
-
If you restart an agent\'s puppet service with \fBsplay\fR enabled, it recalculates its splay period and delays its first agent run after restarting for this new period\. If you simultaneously restart a group of puppet agents with \fBsplay\fR enabled, their checkins to your
|
1720
|
+
If you restart an agent\'s puppet service with \fBsplay\fR enabled, it recalculates its splay period and delays its first agent run after restarting for this new period\. If you simultaneously restart a group of puppet agents with \fBsplay\fR enabled, their checkins to your puppet masters can be distributed more evenly\.
|
1788
1721
|
.
|
1789
1722
|
.IP "\(bu" 4
|
1790
|
-
\fIDefault\fR:
|
1723
|
+
\fIDefault\fR: false
|
1791
1724
|
.
|
1792
1725
|
.IP "" 0
|
1793
1726
|
.
|
@@ -1795,7 +1728,7 @@ If you restart an agent\'s puppet service with \fBsplay\fR enabled, it recalcula
|
|
1795
1728
|
The maximum time to delay before an agent\'s first run when \fBsplay\fR is enabled\. Defaults to the agent\'s \fB$runinterval\fR\. The \fBsplay\fR interval is random and recalculated each time the agent is started or restarted\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
|
1796
1729
|
.
|
1797
1730
|
.IP "\(bu" 4
|
1798
|
-
\fIDefault\fR:
|
1731
|
+
\fIDefault\fR: $runinterval
|
1799
1732
|
.
|
1800
1733
|
.IP "" 0
|
1801
1734
|
.
|
@@ -1803,15 +1736,7 @@ The maximum time to delay before an agent\'s first run when \fBsplay\fR is enabl
|
|
1803
1736
|
The domain which will be queried to find the SRV records of servers to use\.
|
1804
1737
|
.
|
1805
1738
|
.IP "\(bu" 4
|
1806
|
-
\fIDefault\fR:
|
1807
|
-
.
|
1808
|
-
.IP "" 0
|
1809
|
-
.
|
1810
|
-
.SS "ssl_client_ca_auth"
|
1811
|
-
Certificate authorities who issue server certificates\. SSL servers will not be considered authentic unless they possess a certificate issued by an authority listed in this file\. If this setting has no value then the Puppet master\'s CA certificate (localcacert) will be used\.
|
1812
|
-
.
|
1813
|
-
.IP "\(bu" 4
|
1814
|
-
\fIDefault\fR: ``
|
1739
|
+
\fIDefault\fR: delivery\.puppetlabs\.net
|
1815
1740
|
.
|
1816
1741
|
.IP "" 0
|
1817
1742
|
.
|
@@ -1822,7 +1747,7 @@ The header containing an authenticated client\'s SSL DN\. This header must be se
|
|
1822
1747
|
Note that the name of the HTTP header gets munged by the web server common gateway interface: an \fBHTTP_\fR prefix is added, dashes are converted to underscores, and all letters are uppercased\. Thus, to use the \fBX\-Client\-DN\fR header, this setting should be \fBHTTP_X_CLIENT_DN\fR\.
|
1823
1748
|
.
|
1824
1749
|
.IP "\(bu" 4
|
1825
|
-
\fIDefault\fR:
|
1750
|
+
\fIDefault\fR: HTTP_X_CLIENT_DN
|
1826
1751
|
.
|
1827
1752
|
.IP "" 0
|
1828
1753
|
.
|
@@ -1833,7 +1758,7 @@ The header containing the status message of the client verification\. This heade
|
|
1833
1758
|
Note that the name of the HTTP header gets munged by the web server common gateway interface: an \fBHTTP_\fR prefix is added, dashes are converted to underscores, and all letters are uppercased\. Thus, to use the \fBX\-Client\-Verify\fR header, this setting should be \fBHTTP_X_CLIENT_VERIFY\fR\.
|
1834
1759
|
.
|
1835
1760
|
.IP "\(bu" 4
|
1836
|
-
\fIDefault\fR:
|
1761
|
+
\fIDefault\fR: HTTP_X_CLIENT_VERIFY
|
1837
1762
|
.
|
1838
1763
|
.IP "" 0
|
1839
1764
|
.
|
@@ -1841,31 +1766,22 @@ Note that the name of the HTTP header gets munged by the web server common gatew
|
|
1841
1766
|
A lock file to indicate that the ssl bootstrap process is currently in progress\.
|
1842
1767
|
.
|
1843
1768
|
.IP "\(bu" 4
|
1844
|
-
\fIDefault\fR:
|
1845
|
-
.
|
1846
|
-
.IP "" 0
|
1847
|
-
.
|
1848
|
-
.SS "ssl_server_ca_auth"
|
1849
|
-
The setting is deprecated and has no effect\. Ensure all root and intermediate certificate authorities used to issue client certificates are contained in the server\'s \fBcacert\fR file on the server\.
|
1850
|
-
.
|
1851
|
-
.IP "\(bu" 4
|
1852
|
-
\fIDefault\fR: ``
|
1769
|
+
\fIDefault\fR: $ssldir/ssl\.lock
|
1853
1770
|
.
|
1854
1771
|
.IP "" 0
|
1855
1772
|
.
|
1856
1773
|
.SS "ssl_trust_store"
|
1857
1774
|
A file containing CA certificates in PEM format that puppet should trust when making HTTPS requests\. This \fBonly\fR applies to https requests to non\-puppet infrastructure, such as retrieving file metadata and content from https file sources, puppet module tool and the \'http\' report processor\. This setting is ignored when making requests to puppet:// URLs such as catalog and report requests\.
|
1858
1775
|
.
|
1859
|
-
.
|
1860
|
-
\fIDefault\fR:
|
1861
|
-
|
1862
|
-
.IP "" 0
|
1776
|
+
.TP
|
1777
|
+
\fIDefault\fR:
|
1778
|
+
|
1863
1779
|
.
|
1864
1780
|
.SS "ssldir"
|
1865
1781
|
Where SSL certificates are kept\.
|
1866
1782
|
.
|
1867
1783
|
.IP "\(bu" 4
|
1868
|
-
\fIDefault\fR:
|
1784
|
+
\fIDefault\fR: $confdir/ssl
|
1869
1785
|
.
|
1870
1786
|
.IP "" 0
|
1871
1787
|
.
|
@@ -1873,15 +1789,15 @@ Where SSL certificates are kept\.
|
|
1873
1789
|
The directory where Puppet state is stored\. Generally, this directory can be removed without causing harm (although it might result in spurious service restarts)\.
|
1874
1790
|
.
|
1875
1791
|
.IP "\(bu" 4
|
1876
|
-
\fIDefault\fR:
|
1792
|
+
\fIDefault\fR: $vardir/state
|
1877
1793
|
.
|
1878
1794
|
.IP "" 0
|
1879
1795
|
.
|
1880
1796
|
.SS "statefile"
|
1881
|
-
Where
|
1797
|
+
Where puppet agent and puppet master store state associated with the running configuration\. In the case of puppet master, this file reflects the state discovered through interacting with clients\.
|
1882
1798
|
.
|
1883
1799
|
.IP "\(bu" 4
|
1884
|
-
\fIDefault\fR:
|
1800
|
+
\fIDefault\fR: $statedir/state\.yaml
|
1885
1801
|
.
|
1886
1802
|
.IP "" 0
|
1887
1803
|
.
|
@@ -1892,15 +1808,15 @@ How long the Puppet agent should cache when a resource was last checked or synce
|
|
1892
1808
|
This setting affects the usage of \fBschedule\fR resources, as the information about when a resource was last checked (and therefore when it needs to be checked again) is stored in the \fBstatefile\fR\. The \fBstatettl\fR needs to be large enough to ensure that a resource will not trigger multiple times during a schedule due to its entry expiring from the cache\.
|
1893
1809
|
.
|
1894
1810
|
.IP "\(bu" 4
|
1895
|
-
\fIDefault\fR:
|
1811
|
+
\fIDefault\fR: 32d
|
1896
1812
|
.
|
1897
1813
|
.IP "" 0
|
1898
1814
|
.
|
1899
1815
|
.SS "static_catalogs"
|
1900
|
-
Whether to compile a static catalog \fIhttps://puppet\.com/docs/puppet/latest/static_catalogs\.html#enabling\-or\-disabling\-static\-catalogs\fR, which occurs only on Puppet Server when the \fBcode\-id\-command\fR and \fBcode\-content\-command\fR settings are configured in its \fBpuppetserver\.conf\fR file\.
|
1816
|
+
Whether to compile a static catalog \fIhttps://puppet\.com/docs/puppet/latest/static_catalogs\.html#enabling\-or\-disabling\-static\-catalogs\fR, which occurs only on a Puppet Server master when the \fBcode\-id\-command\fR and \fBcode\-content\-command\fR settings are configured in its \fBpuppetserver\.conf\fR file\.
|
1901
1817
|
.
|
1902
1818
|
.IP "\(bu" 4
|
1903
|
-
\fIDefault\fR:
|
1819
|
+
\fIDefault\fR: true
|
1904
1820
|
.
|
1905
1821
|
.IP "" 0
|
1906
1822
|
.
|
@@ -1914,7 +1830,7 @@ By default this uses the \'puppetdb\' backend\.
|
|
1914
1830
|
You can adjust the backend using the storeconfigs_backend setting\.
|
1915
1831
|
.
|
1916
1832
|
.IP "\(bu" 4
|
1917
|
-
\fIDefault\fR:
|
1833
|
+
\fIDefault\fR: false
|
1918
1834
|
.
|
1919
1835
|
.IP "" 0
|
1920
1836
|
.
|
@@ -1922,7 +1838,7 @@ You can adjust the backend using the storeconfigs_backend setting\.
|
|
1922
1838
|
Configure the backend terminus used for StoreConfigs\. By default, this uses the PuppetDB store, which must be installed and configured before turning on StoreConfigs\.
|
1923
1839
|
.
|
1924
1840
|
.IP "\(bu" 4
|
1925
|
-
\fIDefault\fR:
|
1841
|
+
\fIDefault\fR: puppetdb
|
1926
1842
|
.
|
1927
1843
|
.IP "" 0
|
1928
1844
|
.
|
@@ -1941,13 +1857,13 @@ error \- perform extra validation, fail with error
|
|
1941
1857
|
.IP "" 0
|
1942
1858
|
.
|
1943
1859
|
.P
|
1944
|
-
The strictness level is for both language semantics and runtime evaluation validation\. In addition to controlling the behavior with this
|
1860
|
+
The strictness level is for both language semantics and runtime evaluation validation\. In addition to controlling the behavior with this master switch some individual warnings may also be controlled by the disable_warnings setting\.
|
1945
1861
|
.
|
1946
1862
|
.P
|
1947
1863
|
No new validations will be added to a micro (x\.y\.z) release, but may be added in minor releases (x\.y\.0)\. In major releases it expected that most (if not all) strictness validation become standard behavior\.
|
1948
1864
|
.
|
1949
1865
|
.IP "\(bu" 4
|
1950
|
-
\fIDefault\fR:
|
1866
|
+
\fIDefault\fR: warning
|
1951
1867
|
.
|
1952
1868
|
.IP "" 0
|
1953
1869
|
.
|
@@ -1955,18 +1871,7 @@ No new validations will be added to a micro (x\.y\.z) release, but may be added
|
|
1955
1871
|
Whether the agent specified environment should be considered authoritative, causing the run to fail if the retrieved catalog does not match it\.
|
1956
1872
|
.
|
1957
1873
|
.IP "\(bu" 4
|
1958
|
-
\fIDefault\fR:
|
1959
|
-
.
|
1960
|
-
.IP "" 0
|
1961
|
-
.
|
1962
|
-
.SS "strict_hostname_checking"
|
1963
|
-
Whether to only search for the complete hostname as it is in the certificate when searching for node information in the catalogs or to match dot delimited segments of the cert\'s certname and the hostname, fqdn, and/or domain facts\.
|
1964
|
-
.
|
1965
|
-
.P
|
1966
|
-
This setting is deprecated and will be removed in a future release\.
|
1967
|
-
.
|
1968
|
-
.IP "\(bu" 4
|
1969
|
-
\fIDefault\fR: \fBtrue\fR
|
1874
|
+
\fIDefault\fR: false
|
1970
1875
|
.
|
1971
1876
|
.IP "" 0
|
1972
1877
|
.
|
@@ -1974,7 +1879,7 @@ This setting is deprecated and will be removed in a future release\.
|
|
1974
1879
|
Causes an evaluation error when referencing unknown variables\. (This does not affect referencing variables that are explicitly set to undef)\.
|
1975
1880
|
.
|
1976
1881
|
.IP "\(bu" 4
|
1977
|
-
\fIDefault\fR:
|
1882
|
+
\fIDefault\fR: false
|
1978
1883
|
.
|
1979
1884
|
.IP "" 0
|
1980
1885
|
.
|
@@ -1982,15 +1887,15 @@ Causes an evaluation error when referencing unknown variables\. (This does not a
|
|
1982
1887
|
Whether to print a transaction summary\.
|
1983
1888
|
.
|
1984
1889
|
.IP "\(bu" 4
|
1985
|
-
\fIDefault\fR:
|
1890
|
+
\fIDefault\fR: false
|
1986
1891
|
.
|
1987
1892
|
.IP "" 0
|
1988
1893
|
.
|
1989
1894
|
.SS "supported_checksum_types"
|
1990
|
-
Checksum types supported by this agent for use in file resources of a static catalog\. Values must be comma\-separated\. Valid types are
|
1895
|
+
Checksum types supported by this agent for use in file resources of a static catalog\. Values must be comma\-separated\. Valid types are sha256, sha256lite, sha384, sha512, sha224, sha1, sha1lite, md5, md5lite, mtime, ctime\. Default is sha256, sha384, sha512, sha224, md5\.
|
1991
1896
|
.
|
1992
1897
|
.IP "\(bu" 4
|
1993
|
-
\fIDefault\fR:
|
1898
|
+
\fIDefault\fR: ["sha256", "sha384", "sha512", "sha224", "md5"]
|
1994
1899
|
.
|
1995
1900
|
.IP "" 0
|
1996
1901
|
.
|
@@ -1998,7 +1903,7 @@ Checksum types supported by this agent for use in file resources of a static cat
|
|
1998
1903
|
What syslog facility to use when logging to syslog\. Syslog has a fixed list of valid facilities, and you must choose one of those; you cannot just make one up\.
|
1999
1904
|
.
|
2000
1905
|
.IP "\(bu" 4
|
2001
|
-
\fIDefault\fR:
|
1906
|
+
\fIDefault\fR: daemon
|
2002
1907
|
.
|
2003
1908
|
.IP "" 0
|
2004
1909
|
.
|
@@ -2009,7 +1914,7 @@ Tags to use to find resources\. If this is set, then only resources tagged with
|
|
2009
1914
|
Turns on experimental support for tasks and plans in the puppet language\. This is for internal API use only\. Do not change this setting\.
|
2010
1915
|
.
|
2011
1916
|
.IP "\(bu" 4
|
2012
|
-
\fIDefault\fR:
|
1917
|
+
\fIDefault\fR: false
|
2013
1918
|
.
|
2014
1919
|
.IP "" 0
|
2015
1920
|
.
|
@@ -2017,7 +1922,7 @@ Turns on experimental support for tasks and plans in the puppet language\. This
|
|
2017
1922
|
Whether to print stack traces on some errors\. Will print internal Ruby stack trace interleaved with Puppet function frames\.
|
2018
1923
|
.
|
2019
1924
|
.IP "\(bu" 4
|
2020
|
-
\fIDefault\fR:
|
1925
|
+
\fIDefault\fR: false
|
2021
1926
|
.
|
2022
1927
|
.IP "" 0
|
2023
1928
|
.
|
@@ -2025,7 +1930,7 @@ Whether to print stack traces on some errors\. Will print internal Ruby stack tr
|
|
2025
1930
|
Transactional storage file for persisting data between transactions for the purposes of infering information (such as corrective_change) on new data received\.
|
2026
1931
|
.
|
2027
1932
|
.IP "\(bu" 4
|
2028
|
-
\fIDefault\fR:
|
1933
|
+
\fIDefault\fR: $statedir/transactionstore\.yaml
|
2029
1934
|
.
|
2030
1935
|
.IP "" 0
|
2031
1936
|
.
|
@@ -2046,35 +1951,23 @@ For unknown or invalid nodes, exit with a non\-zero exit code\.
|
|
2046
1951
|
.P
|
2047
1952
|
If the setting points to an executable command, then the external trusted facts will be stored in the \'external\' key of the trusted facts hash\. Otherwise for each executable file in the directory, the external trusted facts will be stored in the \fB<basename>\fR key of the \fBtrusted[\'external\']\fR hash\. For example, if the files foo\.rb and bar\.sh are in the directory, then \fBtrusted[\'external\']\fR will be the hash \fB{ \'foo\' => <foo\.rb output>, \'bar\' => <bar\.sh output> }\fR\.
|
2048
1953
|
.
|
2049
|
-
.
|
2050
|
-
\fIDefault\fR:
|
2051
|
-
|
2052
|
-
.IP "" 0
|
1954
|
+
.TP
|
1955
|
+
\fIDefault\fR:
|
1956
|
+
|
2053
1957
|
.
|
2054
1958
|
.SS "trusted_oid_mapping_file"
|
2055
1959
|
File that provides mapping between custom SSL oids and user\-friendly names
|
2056
1960
|
.
|
2057
1961
|
.IP "\(bu" 4
|
2058
|
-
\fIDefault\fR:
|
1962
|
+
\fIDefault\fR: $confdir/custom_trusted_oid_mapping\.yaml
|
2059
1963
|
.
|
2060
1964
|
.IP "" 0
|
2061
1965
|
.
|
2062
1966
|
.SS "use_cached_catalog"
|
2063
|
-
Whether to only use the cached catalog rather than compiling a new catalog on every run\. Puppet can be run with this enabled by default and then selectively disabled when a recompile is desired\. Because a Puppet agent using cached catalogs does not contact the
|
1967
|
+
Whether to only use the cached catalog rather than compiling a new catalog on every run\. Puppet can be run with this enabled by default and then selectively disabled when a recompile is desired\. Because a Puppet agent using cached catalogs does not contact the master for a new catalog, it also does not upload facts at the beginning of the Puppet run\.
|
2064
1968
|
.
|
2065
1969
|
.IP "\(bu" 4
|
2066
|
-
\fIDefault\fR:
|
2067
|
-
.
|
2068
|
-
.IP "" 0
|
2069
|
-
.
|
2070
|
-
.SS "use_last_environment"
|
2071
|
-
Puppet saves both the initial and converged environment in the last_run_summary file\. If they differ, and this setting is set to true, we will use the last converged environment and skip the node request\.
|
2072
|
-
.
|
2073
|
-
.P
|
2074
|
-
When set to false, we will do the node request and ignore the environment data from the last_run_summary file\.
|
2075
|
-
.
|
2076
|
-
.IP "\(bu" 4
|
2077
|
-
\fIDefault\fR: \fBtrue\fR
|
1970
|
+
\fIDefault\fR: false
|
2078
1971
|
.
|
2079
1972
|
.IP "" 0
|
2080
1973
|
.
|
@@ -2082,7 +1975,7 @@ When set to false, we will do the node request and ignore the environment data f
|
|
2082
1975
|
Whether the server will search for SRV records in DNS for the current domain\.
|
2083
1976
|
.
|
2084
1977
|
.IP "\(bu" 4
|
2085
|
-
\fIDefault\fR:
|
1978
|
+
\fIDefault\fR: false
|
2086
1979
|
.
|
2087
1980
|
.IP "" 0
|
2088
1981
|
.
|
@@ -2090,7 +1983,7 @@ Whether the server will search for SRV records in DNS for the current domain\.
|
|
2090
1983
|
Whether to use the cached configuration when the remote configuration will not compile\. This option is useful for testing new configurations, where you want to fix the broken configuration rather than reverting to a known\-good one\.
|
2091
1984
|
.
|
2092
1985
|
.IP "\(bu" 4
|
2093
|
-
\fIDefault\fR:
|
1986
|
+
\fIDefault\fR: true
|
2094
1987
|
.
|
2095
1988
|
.IP "" 0
|
2096
1989
|
.
|
@@ -2098,7 +1991,7 @@ Whether to use the cached configuration when the remote configuration will not c
|
|
2098
1991
|
The user Puppet Server will run as\. Used to ensure the agent side processes (agent, apply, etc) create files and directories readable by Puppet Server when necessary\.
|
2099
1992
|
.
|
2100
1993
|
.IP "\(bu" 4
|
2101
|
-
\fIDefault\fR:
|
1994
|
+
\fIDefault\fR: puppet
|
2102
1995
|
.
|
2103
1996
|
.IP "" 0
|
2104
1997
|
.
|
@@ -2106,7 +1999,7 @@ The user Puppet Server will run as\. Used to ensure the agent side processes (ag
|
|
2106
1999
|
Where Puppet stores dynamic and growing data\. The default for this setting is calculated specially, like \fBconfdir\fR_\.
|
2107
2000
|
.
|
2108
2001
|
.IP "\(bu" 4
|
2109
|
-
\fIDefault\fR:
|
2002
|
+
\fIDefault\fR: Unix/Linux: /opt/puppetlabs/puppet/cache \-\- Windows: C:\eProgramData\ePuppetLabs\epuppet\ecache \-\- Non\-root user: ~/\.puppetlabs/opt/puppet/cache
|
2110
2003
|
.
|
2111
2004
|
.IP "" 0
|
2112
2005
|
.
|
@@ -2114,7 +2007,7 @@ Where Puppet stores dynamic and growing data\. The default for this setting is c
|
|
2114
2007
|
The directory containing \fBvendored\fR modules\. These modules will be used by \fIall\fR environments like those in the \fBbasemodulepath\fR\. The only difference is that modules in the \fBbasemodulepath\fR are pluginsynced, while vendored modules are not
|
2115
2008
|
.
|
2116
2009
|
.IP "\(bu" 4
|
2117
|
-
\fIDefault\fR:
|
2010
|
+
\fIDefault\fR: /opt/puppetlabs/puppet/vendor_modules
|
2118
2011
|
.
|
2119
2012
|
.IP "" 0
|
2120
2013
|
.
|
@@ -2122,7 +2015,7 @@ The directory containing \fBvendored\fR modules\. These modules will be used by
|
|
2122
2015
|
Whether or not to look for versioned environment directories, symlinked from \fB$environmentpath/<environment>\fR\. This is an experimental feature and should be used with caution\.
|
2123
2016
|
.
|
2124
2017
|
.IP "\(bu" 4
|
2125
|
-
\fIDefault\fR:
|
2018
|
+
\fIDefault\fR: false
|
2126
2019
|
.
|
2127
2020
|
.IP "" 0
|
2128
2021
|
.
|
@@ -2130,13 +2023,13 @@ Whether or not to look for versioned environment directories, symlinked from \fB
|
|
2130
2023
|
How frequently puppet agent should ask for a signed certificate\.
|
2131
2024
|
.
|
2132
2025
|
.P
|
2133
|
-
When starting for the first time, puppet agent will submit a certificate signing request (CSR) to the server named in the \fBca_server\fR setting (usually the
|
2026
|
+
When starting for the first time, puppet agent will submit a certificate signing request (CSR) to the server named in the \fBca_server\fR setting (usually the puppet master); this may be autosigned, or may need to be approved by a human, depending on the CA server\'s configuration\.
|
2134
2027
|
.
|
2135
2028
|
.P
|
2136
2029
|
Puppet agent cannot apply configurations until its approved certificate is available\. Since the certificate may or may not be available immediately, puppet agent will repeatedly try to fetch it at this interval\. You can turn off waiting for certificates by specifying a time of 0, or a maximum amount of time to wait in the \fBmaxwaitforcert\fR setting, in which case puppet agent will exit if it cannot get a cert\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
|
2137
2030
|
.
|
2138
2031
|
.IP "\(bu" 4
|
2139
|
-
\fIDefault\fR:
|
2032
|
+
\fIDefault\fR: 2m
|
2140
2033
|
.
|
2141
2034
|
.IP "" 0
|
2142
2035
|
.
|
@@ -2147,15 +2040,7 @@ How frequently puppet agent should try running when there is an already ongoing
|
|
2147
2040
|
This argument is by default disabled (value set to 0)\. In this case puppet agent will immediately exit if it cannot run at that moment\. When a value other than 0 is set, this can also be used in combination with the \fBmaxwaitforlock\fR argument\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
|
2148
2041
|
.
|
2149
2042
|
.IP "\(bu" 4
|
2150
|
-
\fIDefault\fR:
|
2151
|
-
.
|
2152
|
-
.IP "" 0
|
2153
|
-
.
|
2154
|
-
.SS "write_catalog_summary"
|
2155
|
-
Whether to write the \fBclassfile\fR and \fBresourcefile\fR after applying the catalog\. It is enabled by default, except when running \fBpuppet apply\fR\.
|
2156
|
-
.
|
2157
|
-
.IP "\(bu" 4
|
2158
|
-
\fIDefault\fR: \fBtrue\fR
|
2043
|
+
\fIDefault\fR: 0
|
2159
2044
|
.
|
2160
2045
|
.IP "" 0
|
2161
2046
|
.
|
@@ -2163,7 +2048,7 @@ Whether to write the \fBclassfile\fR and \fBresourcefile\fR after applying the c
|
|
2163
2048
|
The directory in which YAML data is stored, usually in a subdirectory\.
|
2164
2049
|
.
|
2165
2050
|
.IP "\(bu" 4
|
2166
|
-
\fIDefault\fR:
|
2051
|
+
\fIDefault\fR: $vardir/yaml
|
2167
2052
|
.
|
2168
2053
|
.IP "" 0
|
2169
2054
|
|